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FOREWORD 


Networks are everywhere. They connect all kinds 
of businesses, from local bookshops to huge cor¬ 
porations to universities, across multiple cities and 
continents. Networks are conceptually simple to 
understand, yet they are becoming more and more 
complex, with innovation in areas such as Software 
Defined Networks (SDN), the Internet of Things 
(IoT), and other technologies just around the corner. 

To understand, design, and manage today’s complex networks, network 
professionals must not only master the theory but also practice and validate 
concepts in these ever-changing environments. This is where GNS3 comes 
in: it gives users immense flexibility to build their own networking labs, 
allowing them to experiment with new network features, capture packets 
to dissect protocols, and verify configurations for later deployment on real 
devices. All of this is done without the need to invest in expensive hardware. 



GNS3 is a powerful and adaptable tool, evolving to now integrate multiple 
vendors and iterating to meet the growing needs of network professionals. 
But how do you master GNS3 itself and where do you start? 

In The Book of GNS3, Jason covers everything that network engineers, 
administrators, and people studying for certifications need to get started, 
from walking you through installing and configuring GNS3 to creating and 
managing your projects. Jason digs deep while showcasing the true breadth 
of the software, covering topics like how to capture network packets, how 
to connect to real networks and live switches, and how to include advanced 
systems such as Juniper’s vSRX Firefly and Cisco’s lOS-XRv in your labs. He 
spends significant time explaining concepts and giving tips that will make 
you an expert user in no time. 

Jason’s book is ideal to harness GNS3 and make the most out of your 
network labs. Whether you are a beginner in the networking space or a sea¬ 
soned professional, I can guarantee that you will walk away learning some¬ 
thing new. 


Jeremy Grossmann 
Co-founder of GNS3 
May 2015 
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INTRODUCTION 


I started using GNS3 early in its develop¬ 
ment and took to it like a duck to water. 
From the beginning I could see it was going 
to be an invaluable networking tool. I’ve used 
it to get hands-on experience with operating systems 
such as Cisco IOS, Junos OS, and Arista, as well as to 

pass quite a few network certification exams. To this day, I use it on a regu¬ 
lar basis to test router configurations before deploying real equipment to 
the held. The Book of GNS3 is my way of sharing this great resource with 
other networking professionals, like you. 



Who This Book Is For 

This book is for anyone involved with networking routers, switches, or 
firewalls. Whether you use Cisco, Juniper, Arista, Vyatta, or some other net¬ 
work operating system, GNS3 is a great alternative to building physical labs. 
Unlike labs that use physical equipment, GNS3 virtual labs let you create 


and save unlimited network configurations, without having to tear apart an 
existing lab. This book covers all the details to get your projects up and run¬ 
ning fast. 


What's in This Book 

The Book of GNS3 guides you through installing, configuring, and running 
GNS3 on Windows, OS X, and Linux, and it shows you some geeky and fun 
tricks along the way. Whether you’re just getting started or have used GNS3 
before, I think you’ll find a new appreciation for how much is possible when 
you have the right tool. I don’t cover TCP/IP networking fundamentals, but 
I do provide plenty of examples of how to configure GNS3 devices. 

My Approach 

The most effective way of learning is by doing. That’s why I use a tutorial- 
based approach to creating fully functional multivendor labs using GNS3. 
The tutorials explain how to build and configure labs using the virtual 
devices introduced in the chapters. I provide examples of configuring 
Cisco IOS, Junos OS, and Juniper vSRX Firefly, and more. You don’t need 
to be an expert with network operating systems because I’ll guide you step- 
by-step through the configurations. You could spend days, or even weeks, 
searching the Web to figure out how to configure features such as connect¬ 
ing to live switches, creating a virtual access server, or connecting your vir¬ 
tual labs to the Internet. But there’s no need to do that after you read The 
Book of GNS3. 

Book Overview 

The Book of GNS3 guides you through the installation and use of GNS3, and 
each chapter introduces new concepts that build on skills from previous 
ones. You’ll learn how to create and manage simple to complex projects, 
using only a single computer or sharing the load across multiple computers. 

• Chapter 1, Introducing GNS3, covers what GNS3 is and how it works, 
provides an overview of GNS3, and discusses the benefits of virtual 
networks. 

• Chapter 2, Installing a Basic GNS3 System, discusses installing GNS3 
on Windows, OS X, and Linux, and it explains the benefits of using vir¬ 
tual appliances to run GNS3 as an alternative to installing it directly on 
your PC. 

• Chapter 3, Configuration, looks at installing a Cisco IOS image and 
setting up your first virtual router using Dynamips. You’ll also learn the 
importance of setting an Idle-PC value for Dynamips routers. 

• Chapter 4, Creating and Managing Projects, teaches you to configure 

a virtual router. After that, you’ll look at all the toolbar options and cre¬ 
ate a simple two-router network. 
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• Chapter 5, Integrating Hosts and Using Wireshark, shows you how to 

install VPCS and use it to add simple PC-like hosts to your projects. 
You’ll learn how to add full-blown virtual PCs using VirtualBox and 
create a lab using a virtual Cisco IOS router and a VirtualBox Linux 
PC. You'll then learn about capturing packets using Wireshark. 

• Chapter 6, Juniper Olive and vSRX Firefly, explains how to install 
QEMU and use it to create your own virtual Juniper router. You’ll cre¬ 
ate a network using Juniper and Cisco, learn how install Juniper vSRX 
Firefly, and configure a basic vSRX firewall. 

• Chapter 7, Device Nodes, Live Switches, and the Internet, demon¬ 
strates the built-in device nodes in GNS3 and explains how they can be 
used to conserve resources on your PC. You’ll also learn how to connect 
your GNS3 projects to live switches and the Internet. 

• Chapter 8, Cisco ASA, IDS/IPS, and IOS-XRv, takes you from setting 
up GNS3 devices to configuring them. You’ll create a Cisco ASA fire¬ 
wall and an IDS/IPS and create a network lab using Cisco IOS-XRv. 

• Chapter 9, Cisco IOS on Unix and NX-OSv, continues the theme of 
device creation. You’ll learn how to install Cisco IOS on Unix and 
create a virtual NX OS switch using NX-OSv. 

• Chapter 10, Cool Things to Do on a Rainy Day, presents some fun 
things you can do with your new GNS3 knowledge, such as creating a 
simulated access server to managing your devices and deploying GNS3 
virtual device configurations to real Cisco routers. 

• Appendix A, Help! I’ve Fallen and I Can’t Get Up, discusses some 
common problems that you may encounter in GNS3 and provides solu¬ 
tions to correct them. 

• Appendix B, Cisco Hardware Compatible with GNS3, lists Cisco 
routers that are compatible with GNS3 and what Cisco IOS image 
files work best. 

• Appendix C, NM-16ESW and IOU L2 Limitations, provides infor¬ 
mation about IOS on Unix and NM-16ESW Cisco switches that are 
used in GNS3. 

Now, get ready to dive into GNS3. Before embarking on this journey, be 

sure to kiss your family goodbye because once you get started, you won’t be 

able to stop! 
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INTRODUCING GNS3 


GNS3 is a cross-platform graphical net¬ 
work simulator that runs on Windows, 

OS X, and Linux, and it’s the collabora¬ 
tive effort of some super-talented, industrial- 
strength nerds—folks such as Christophe Fillot, 
Jeremy Grossmann, andjulien Duponchelle, just 

to name a few. Fillot is the creator of the MIPS processor emulation pro¬ 
gram (Dynamips) that allows you to run Cisco’s router operating system, 
and Grossmann is the creator of GNS3. He took Dynamips and integrated 
it, along with other open source software, into an easy-to-use graphical user 
interface. Duponchelle assists with coding GNS3, and his contributions 
have helped to advance the software. 

GNS3 lets you design and test virtual networks on your PC, including 
(but not limited to) Cisco IOS, Juniper, MikroTik, Arista, and Vyatta net¬ 
works, and it’s commonly used by students who need hands-on experience 
with Cisco IOS routing and switching while studying for the Cisco Certified 
Network Associate (CCNA) and Cisco Certified Network Professional 



(CCNP) exams. But that merely scratches the surface of what GNS3 can do. 
In this chapter, I discuss what GNS3 is, as well as the benefits and limita¬ 
tions of the software. 


Why Use GNS3? 

Before the wonders of virtualization, network engineers, administrators, 
and students had to build labs with physical hardware or rent time on a 
rack. Both options can be expensive and inconvenient, and they limit the 
network designs available to you. Software simulation programs such as 
RouterSim and Boson NetSim have been around for a long time, too, but 
these limited applications merely simulate the commands of Cisco IOS. 
Cisco Education does offer cheaper virtualized rack rental, based on Cisco 
IOS on Unix (IOU), but it allows you to practice on only specific precon¬ 
figured network configurations. It also requires that you have an active 
Internet connection to access the labs. Cisco also offers a product named 
Virtual Internet Routing Lab (VIRL) that’s similar to GNS3, but it requires 
an annual fee, limits the number of objects you can use in your labs, and 
uses only simulated Cisco operating systems. 

GNS3, on the other hand, allows you to customize your network labs 
to exactly meet your needs, create unlimited projects using Cisco and 
non-Cisco technology, add unlimited objects to your projects, and access 
those projects anytime, regardless of Internet connectivity. GNS3 provides 
maximum flexibility for your designs through a combination of emulated 
hardware devices that run real network operating systems such as Cisco 
IOS, simulated operating systems such as NX-OSv, and the ability to share 
resources across multiple computers. 

Emulated Hardware 

GNS3’s graphical interface allows you to create virtualized network labs with 
a variety of routers, switches, and PCs, but it really shines when it’s paired 
with Cisco IOS. Unlike similar applications, GNS3 doesn’t merely mimic 
Cisco IOS commands or features. Instead, it uses a backend hypervisor 
application to emulate the hardware that runs Cisco IOS. Because only the 
hardware is emulated, you run an actual IOS image hie on your PC. All the 
configuration commands and output come from a real IOS, and theoreti¬ 
cally, any protocols or features that an IOS version supports are available 
to use in your network designs. This functionality distinguishes GNS3 from 
programs such as RouterSim, Boson NetSim, or VIRL, which simulate the 
entire experience and provide only limited environments, commands, and 
scenarios for you to work with. 

Simulated Operating Systems 

In addition to emulated hardware, GNS3 integrates simulated operating 
systems, and they can be fully networked to other GNS3 devices. One such 
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example is Cisco lOU, which I cover in Chapter 9. lOU consists of a series 
of Linux binary hies that emulate the features of IOS images, and it’s fully 
supported by GNS3. 

In addition to Cisco IOS, GNS3 can integrate Quick Emulator (QEMU) 
and VirtualBox virtual machines running operating systems such as Linux, 
BSD, or Windows. For example, to practice installing and configuring an 
Apache web server on Linux, just add a VirtualBox virtual machine (VM) 
running Linux and Apache to GNS3 and test it by browsing to it from 
another VirtualBox host. All of this is done within the GNS3 user environ¬ 
ment. If you want to throw a firewall in front of your Apache server, you 
could use a Cisco router, adaptive security appliance (ASA) firewall, or 
even a Linux-based firewall such as Vyatta. 

Scalability with the GNS3 Server 

GNS3 leverages client-server technology; much like a web browser con¬ 
nects to a web server to access and display web pages, the GNS3 graphical 
user interface (GUI) program accesses a GNS3 server, allowing it to start, 
stop, and otherwise control GNS3 devices. This allows your projects to 
scale because they’re not restricted to running on a single computer. If you 
work with large or complex topologies, you can also run the GNS3 server 
program on a different PC than the GNS3 GUI program. If you have access 
to a high-end server with a lot of memory and processing power, you can 
install the GNS3 server program on the server hardware but control all the 
devices from the GNS3 GUI program running on a more modest PC. 


Virtual Connectivity 

The true beauty of GNS3 lies in its ability to network your virtual devices 
together, usually using protocols such as Internet Protocol version 4 (IPv4) 
and Internet Protocol version 6 (IPv6), to create labs that can run on just a 
single computer. Some of the simplest designs may have only a few compo¬ 
nents, like the project shown in Figure 1-1. 



VBOX1 
Fedora Linux 


R1 

Cisco 


Figure 1-1: A CNS3 topology integrating Fedora Linux, Cisco, and Juniper routers 
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The project in Figure 1-1 allows a Fedora Linux host to access the live 
Internet via a switch, a Juniper router, a Cisco router, and finally a GNS3 
Cloud node. That’s a simple network, but you can create complex networks 
made up of a dozen or more routers, switches, and PCs, like the design in 
Figure 1-2. 



Figure 1-2: A complex, multiprotocol GNS3 topology 


The project in Figure 1-2 is configured with more than 25 devices, 
including redundant switch blocks, EtherChannel, L2 Hot Standby Routing 
Protocol (HSRP), Frame Relay, Enhanced Interior Gateway Routing Protocol 
(EIGRP), Open Shortest Path First (OSPF), and Border Gateway Protocol 
(BGP), but the project can be run on a modestly configured PC. To keep 
your devices straight, you can also annotate your designs with colored, scal¬ 
able text, as I’ve done in this example. If you have a laptop, you can even 
take projects on the road to present to clients, solve design issues, or study 
for certification exams. CCNA or CCNP candidates can also create all the 
training labs necessary to learn Cisco’s exam material, practice with real 
operating systems, and study from anywhere. 

GNS3 has the ability to bridge virtual interfaces in your lab devices to 
one or more physical Ethernet interfaces in your PC. This allows you to 
connect your virtual networks to real hardware such as routers, switches, 
and other PCs. For example, you can run two or more GNS3 networks using 
multiple PCs and connect the PCs together using an Ethernet crossover cable 
or a physical switch. Doing so gives you the capability to connect all GNS3 
devices across all the PCs. (I affectionately refer to this as a GNS3 ubernetl) 
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Open Source Integration 

GNS3 performs its magic by leveraging open source technologies, including 
Dynamips, QEMU, and VirtualBox. It can run Juniper, Arista, and many 
other network operating systems as easily as Cisco IOS. 

The Dynamips Hypervisor 

To emulate Cisco hardware, GNS3 comes bundled with Dynamips, a won¬ 
derful application created in 2005 by Christophe Fillot of France and kept 
current by contributions from Flavio J. Saraiva and others. The Dynamips 
hypervisor program can emulate Cisco 1700, 2600, 3600, 3700, and 7200 
series router hardware. Thanks to Dynamips, you can quickly and easily 
configure these router models with a variety of emulated Cisco network 
SLOT and WAN interface cards (WICs) in GNS3. Virtual input/output 
(I/O) cards allow you to add multiple Ethernet interfaces, switch modules, 
and serial ports to your devices. You can even add or remove memory on a 
per-device basis, depending on your project requirements and Cisco IOS 
version. 

QEMU and VirtualBox 

You can add QEMU and VirtualBox virtual machines to GNS3 and use 
them in your projects. These devices can be linked to other GNS3 devices 
to form a complete end-to-end network. For example, you can connect a 
VirtualBox host to a series of switches and routers and permit it to access 
resources on another VirtualBox host on that network. In this scenario, you 
can configure and test all sorts of routing protocols as well as features such 
as network address translation (NAT), access control lists (ACLs), and vir¬ 
tual private networks (VPNs). Naturally, your physical computer’s hardware 
places restrictions on your resources, but modern computers have many 
unused resources just waiting to be tapped by GNS3. 


A Few Limitations 

GNS3 is not without its limitations. Dynamips has been limited in such a 
way that you cannot use it in a production environment, making it useful 
only for education. Additionally, switching is limited to a modest command 
set, unless you integrate one or more physical Catalyst switches into your 
GNS3 projects. Fortunately, IOU helps bridge some of this gap. 

Some Assembly Required 

All great things come at a price, and GNS3 is no exception. Most notably, 
GNS3 requires one or more Cisco IOS images to run on your virtual 
Dynamips routers, and GNS3 does not provide them. Images can be 
copied from a router you own or through a Cisco connection online 
(CCO) account, if you have a contract with Cisco. 
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Limited Emulation 

Dynamips is unable to emulate the application-specific integrated circuit 
(ASIC) hardware of Cisco’s advanced Catalyst switches. This is a minor 
setback for the aspiring CCNA or even CCNP, but it does hamper aspir¬ 
ing Cisco Certified Internetwork Experts (CCIEs) who need the switches’ 
advanced features. However, the versatility of GNS3 allows you to integrate 
your GNS3 virtual labs with actual Catalyst switches. This can greatly reduce 
the cost of creating a CCIE lab, and because most of the lab is virtualized, 
it allows for greater flexibility in your configurations. 

When you don’t need those advanced features, you can add a virtual 
switch module, like the Cisco NM-16ESW, to one of your virtual Cisco 
routers to create a simple layer 3 switch. This device should satisfy modest 
switching needs, including virtual local area networks (VLANs), 802.IQ 
trunking, spanning-tree, EtherChannel, and multiprotocol routing using 
EIGRP, OSPF, BGP, and other protocols. Lastly, Cisco IOU images can be 
used to emulate Cisco switches, and they provide more commands than 
the Dynamips switch module. 

Hamstrung Network Performance 

Another GNS3 limitation is network performance. Because Dynamips is 
an emulator that doesn’t provide any hardware acceleration, throughput is 
restricted from 1.5Mb to 800Mb per second, depending on which IOS you 
use and your configuration. This may seem like a limitation, but it’s actu¬ 
ally a good thing because it prevents users from virtualizing Cisco hardware 
and placing it into production environments. Imagine if emulated devices 
ran at full throughput: every network nerd from here to Timbuktu would 
install virtual routers on cheap PCs and use them in production networks, 
effectively stealing Cisco’s intellectual property. If that happened, Cisco 
would have come down on the Dynamips developers like a proverbial ton 
of bricks, and GNS3 wouldn’t exist today. This limitation has little to no 
effect when using GNS3 for education and testing. 


Final Thoughts 

Now that I’ve hit the highlights of GNS3, I hope you’re as excited as I 
am to use it on your own computer. Unlike similar applications or tools, 
GNS3 gives you complete control, leaving you free to use your imagina¬ 
tion to create, learn, and develop elaborate networks that meet your needs. 
Furthermore, you can do it all without the hassle of spending a ton of 
money on routers and switches only to end up with a room full of noisy, 
electricity-sucking hardware. 

In the next chapter, I’ll show you how to install GNS3. Let’s get started! 
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INSTALLING A 
BASIC GNS3 SYSTEM 


Say good-bye to the world of hardware and 
say hello to GNS3! It’s a whole new way to 
learn networking. In this chapter, I’ll guide 
you through the process of installing a basic 
GNS3 system on Microsoft Windows, Mac OS X, and 
Ubuntu Linux. 

A basic installation consists of the GNS3 application and a few helper 
applications. On Windows and OS X, all prerequisite applications come 
bundled in the GNS3 installer package, which is available from the GNS3 
website ( http://www.gns3.com/). 

When installing on Linux, you can download and install GNS3 through 
a platform-specific package manager or directly from source code. The prin¬ 
ciples used for installing from source code can be applied to just about any 
Unix-based system, and it is a great way to ensure that you have the latest 
software. 



General Requirements 

The requirements for running GNS3 are largely determined by the operat¬ 
ing system you’re installing on, the model and number of routers you want 
to use in your projects, and whether you integrate external programs like 
QEMU or VirtualBox into your designs. Most computers purchased in the 
last few years should be able to run this base installation without a hitch. 

That said, if you decide to move beyond creating projects using only 
Cisco routers and incorporate other virtual environments into your GNS3 
designs (such as Linux, BSD, ASA, IDS, or Juniper), you'll want as much 
horsepower as you can get your hands on. The more memory and process¬ 
ing power you have, the better everything will run because programs like 
QEMU and VirtualBox require RAM to run their guest operating systems, 
and they compete with your native operating system for CPU time. You’ll 
also need additional disk space to store your guest operating systems. 

You can visit the GNS3 website to verify the requirements for your 
operating system, but a good rule of thumb for a simple base install is the 
following: 

• 1.5 GHz processor 

• 4GB RAM 

• 250MB free disk space 

These are the minimum specifications, and a system that has them 
should be able to run a simple GNS3 topology using a handful of Cisco 
routers. Of course, as your projects become larger and more complex, 
GNS3 will benefit greatly from a more powerful system. 


NOTE 


If the installation instructions look overwhelming right now, never fear! Jump ahead 
to the “GNS3 Appliances” on page 14 to learn how to download apre-built GNS3 
appliance, and dive right in. 


Installing on Microsoft Windows 

Compared to other operating systems, installing GNS3 on top of Windows 
is a no-brainer. The Windows installer package includes almost all of the 
applications GNS3 needs, plus a few extras not found on other platforms, 
and everything installs with little user intervention. 

The Windows installer includes a few extra useful applications, includ¬ 
ing QEMU, used for Juniper and ASA; Wireshark, a popular network moni¬ 
toring program; PuTTY, a Windows terminal emulation program; and VPCS, 
a simple DOS-like command simulator for testing connectivity using the ping 
and traceroute commands. The installer contains both a 32-bit and a 64-bit 
version of GNS3, and it should install the correct version automatically. 
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Follow these steps to install GNS3 on Windows: 


1. Download the GNS3 all-in-one installer from the GNS3 website 
( http://www.gns3.com /) and launch it to begin installation. 

2. Click Next on the Setup Wizard screen, and click I Agree on the 
License Agreement screen. 

3. Select the folder where you want the installer to place a shortcut to the 
application on the Start Menu, and then click Next. (The default folder 

is GNS3.) 

4. You can then choose the components to include in your installation, 
as shown in Figure 2-1. The default option installs all components to 
create a fully functional GNS3 system, including Wireshark, VPCS, and 
QEMU. To save disk space, or if you don’t need these added features, 
uncheck those options. WinPCAP is required for NIO Ethernet cloud 
connections, and Dynamips is required to create projects using Cisco 
routers and switches. Make your selections and then click Next. 


© GNS3 Setup 

Choose Components 

Choose which features of GNS3 you want to install. 



Check the components you want to rtstal and uncheck the components you don't want to 
install. Click Next to continue. 


Select components to instal: 


Space required: 160.5MB 


0 WinPCAP 
0 Wireshark 

0 SoiarWnds Response Tm 
0 Dynamips 
0 VPCS 
0GNS3 
□ SuperPutty 


Description 



<Bad: |P Nent> Cancel 


Figure 2-1: Choosing the CNS3 components to install 


5. You should see the Choose Install Location screen, as shown in 
Figure 2-2. To install GNS3 to an alternative location, enter the 
new location in the Destination Folder held and click Install. 

6. Continue following all the prompts to complete the installation. 
I recommend you accept all default settings. 
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Figure 2-2: Choosing the destination folder location 

Upon completion, GNS3 should place an icon on your desktop. 


Installing on OS X 

GNS3 is supported only on Intel-based Macs running OS X. You should prob¬ 
ably make sure you have the latest version of OS X before you run GNS3. 

To install the GNS3 application on OS X, download the appropriate 
installer from the GNS3 website ( http://www.gns3.com /), and then double¬ 
click the installer and a DMG disk image hie will appear on your desktop. 
Double-click the image Hie to open the GNS3 folder, and drag the GNS3 
icon to your Applications folder, as shown in Figure 2-3. 



Figure 2-3: Dragging the CNS3 program icon to the Applications folder 
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To run GNS3 on current OS X versions, you might have to right-click 
the installed application icon and select Open the first time you run it. 
You'll be prompted with a dialog warning you that the package is from an 
unidentified developer and asking if you’re sure you want to open the appli¬ 
cation. Click the Open button to circumvent this OS X Gatekeeper feature. 
GNS3 will start normally from then on, without any warnings. 


Installing on Ubuntu Linux 

GNS3 runs well on many different Linux distributions, but there’s an unfor¬ 
tunate lack of documentation for most of them. In this section, I'll strip away 
the mystery and show you how simple it is to get GNS3 running on a Unix- 
based platform. I’ve chosen to cover Ubuntu because it’s one of the most 
commonly used distributions. 

There are two ways to install GNS3 on Linux. You can install a bundled 
package through your package manager or you can install from source code. 
Using a packaged install is quick and easy, but the downside is that you’re 
stuck with whatever version of GNS3 has been ported to your specific plat¬ 
form, which may not be the latest version. This is where a source install 
comes in handy. Installing from source requires only a few extra steps and 
provides you with the latest version of GNS3. Even though I highly recom¬ 
mend installing from source code, we’ll cover both methods here. 

Installing GNS3 from Packages 

To install GNS3 using the Advanced Package Tools, open the terminal 
program and enter the following command: 


$ sudo apt-get install gns3 


When prompted, enter your password. The output from this command 
displays a list of packages that will be installed and shows how much disk 
space will be used by the installation. The installer prompts you to confirm 
that this is okay before proceeding. When confirmed, the packages are 
installed and GNS3 is ready to run. 

You can start the application from the terminal program by entering 
gns3 or launching GNS3 from your display manager’s application menu. 
You’re now ready to configure GNS3. 

Installing GNS3 from Source Code 

Installing front source code ensures that you get the latest version of GNS3 
and is, in my opinion, the best way to install GNS3 on Unix-based systems. 
No matter which version of Linux you’re using, you should be able to use 
these instructions as a guide to get GNS3 up and running on your system. 
In the following example, I'll use Ubuntu Linux as a framework, but keep 
in mind that these instructions can be applied to just about any Unix-based 
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distribution. The primary difference between distributions is the dependen¬ 
cies that are required and how you install them. Be sure to check the GNS3 
website for the latest dependency requirements. 

I’ve installed GNS3 on Solaris, FreeBSD, OpenBSD, Ubuntu, Mint, 
OpenSUSE, Fedora, Fuduntu, Debian, Arch, Gentoo, Kali, Netrunner, and 
PCLinuxOS, so I'm sure you can run it on your system, too! 

Download and unzip the installation hies from the GNS3 website 
( http://www.gns3. corn/). 

Extracting the Source Code 

When you download GNS3 for Linux, you’re provided a ZIP hie that contains 
the Linux source code. Upon extracting the hie you will see individual ZIP 
hies for each program that GNS3 uses. Unzip the GNS3 source hie using the 
following command, replacing x with your version of the hie: 


$ cd “/Download 
$ unzip GNS3-x-source.zip 

dynamips-x.zip 

gns3-gui-x.zip 

gns3-server-x.zip 

vpcs-x.zip 

iouyap-x.zip 


Next, you will update the Ubuntu package manager. 

Updating the Package Manager 

Updating your package manager’s index hies ensures that you install the 
most current versions of the dependencies. On Ubuntu, open the terminal 
program and enter: 


$ sudo apt-get update 


Installing Dependencies 

GNS3 dependencies and package names are specihc to each distribution of 
Linux, so you’ll need to download the ones for your operating system. You 
also might want to check the GNS3 website beforehand as dependencies can 
change over time. On Ubuntu, enter the following commands: 


$ sudo apt-get 
$ sudo apt-get 
$ sudo apt-get 
$ sudo apt-get 
$ sudo apt-get 


install python3-dev 
install python3-setuptools 
install python3-pyqt4 
install python3-ws4py 
install python3-netifaces 


After installing all the python packages, move on to Dynamips. 
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Installing Dynamips 

You’ll need to install a few more packages on your Ubuntu system before 
compiling Dynamips: 


$ sudo apt-get install libpcap-dev 
$ sudo apt-get install libelf-dev 
$ sudo apt-get install uuid-dev 
$ sudo apt-get install cmake 


Next, unzip the source code file, compile, and install Dynamips using 
the following commands. Replace x with your version of the software. 


$ unzip dynamips-x.zip 
$ cd dynamips-x 
$ mkdir build 
$ cd build 
$ cmake .. 

$ make 

$ sudo make install 


When you’re finished, you should have a file named dynamips in your 
/mr/local/bin/ directory. Change the program’s ownership to root and the 
file permissions to executable. This permits Dynamips devices to connect to 
the Internet or to live hardware like Cisco switches using your PC’s Ethernet 
adapter. 


$ sudo chown root /usr/local/bin/dynamips 
$ sudo chmod 4755 /usr/local/bin/dynamips 


For folks who are concerned about security, there is an alternative. You 
can achieve the same functionality without providing root-level permissions 
to Dynamips. The following works on Ubuntu and should work on most sys¬ 
tems running a Linux kernel 2.2 or greater. This method does not work on 
BSD-based systems. 


$ sudo apt-get install libcap2 

$ sudo setcap cap_net_raw,cap_net_admin+eip /usr/local/bin/dynamips 


Next, you’ll install the GNS3 server and GUI source files. 

Installing the GNS3 Server and GUI 

GNS3 consists of two main applications: a server application and a GUI 
application. The server application runs in the background on your PC 
and is generally not seen by normal users. It runs and manages all the 
helper applications, such as Dynamips, QEMU, and VirtualBox. The GUI 
application provides the frontend user experience, and it’s where you inter¬ 
act with GNS3. 
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$ unzip gns3-server-x.zip 
$ unzip gns3-gui-x.zip 


To complete the install, run the GNS3 setup script for each application. 
This step requires elevated root-level privileges, so have your root password 
handy. Start with the GNS3 server. 


$ cd gns3-server-x 
$ sudo python3 setup.py install 


Next, install the GNS3 GUI application. 


$ cd gns3-gui-x 

$ sudo python3 setup.py install 


When the installation finishes, the application is installed under 

/ usr/local/bin/. 

Next, install the Virtual PC Simulator (VPCS) by unzipping the vpcs 
ZIP Hie and running the mk.sh installer script. This software simulates a 
simple host PC and can be used to test routers in your projects. 


$ unzip vpcs-x.zip 
$ cd vpcs-x/src 
$ ./mk.sh 

$ sudo cp vpcs /usr/local/bin 


The final step is specific to Ubuntu and a few other Linux distributions, 
and it is necessary due to their implementation of the Gnome Desktop. 
Without this command, the program will run fine, but some of the menu 
icons won’t display in GNS3. 


$ gconftool-2 --type Boolean --set /desktop/gnome/interface/menus_have_icons True 


To start the program, enter the following terminal command: 
$ gns3 


That’s it! You’re now ready to move on to configuring GNS3 and creat¬ 
ing projects. 


GNS3 Appliances 

An alternative to installing GNS3 on your PC is to use a preconfigured 
GNS3 appliance. A GNS3 appliance is simply a virtual machine that comes 
with GNS3 already installed. GNS3 appliances are extremely flexible because 
they run using an application like VirtualBox. VirtualBox is free and runs on 
most operating systems (including Windows, OS X, Linux, and FreeBSD). 
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4 Few Pros and Cons 

There are several advantages to running GNS3 in a virtual environment. 
The primary ones are ease and portability. Most of the setup work has been 
done for you and you'll have a portable GNS3 installation that can be moved 
from one PC to another. If you buy a new computer, you can copy the appli¬ 
ance to the new PC and everything should run exactly as before, regardless 
of the hardware or operating system your new computer is running. 

On the other hand, your host machine needs to have a fast processor 
and plenty of RAM if you want your guest OS and GNS3 to run well, espe¬ 
cially if you create large or complex projects. And because you’re emulating 
the guest OS’s hardware, your project might take a slight performance hit 
depending on the underlying hardware. 

GNS3 WorkBench 

There are several GNS3 appliances to choose from, but I recommend GNS3 
WorkBench ( http://rednectar.net/gns3-workbench /), shown in Figure 2-4. The 
developer has done a good job making the interface clean, and configura¬ 
tion is fairly straightforward. Built on top of Linux, GNS3 WorkBench comes 
with GNS3, Wireshark, and VPCS preinstalled. It also comes with a bunch of 
exercises and preconfigured labs to help you prepare for Cisco’s CCNA certi¬ 
fication exams. Many of the labs contain problems to troubleshoot, with the 
objectives clearly spelled out. 



Work Bench 


konsote 


^ Applications Places System ^ 


TueJul 24,18:12 


i m ■ . # 

ICND1 Exercises ICND2 Exercises Odom’s (and other) Standard Layouts .. GN5 Vault 
Examples (Labs) 


CNS Tiles • Mur* 
exercises here 


j [user:displayflles] 

Figure 2-4: GNS3 WorkBench 
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GNS3 WorkBench assumes the user has a minimal level of Linux experi¬ 
ence, but some previous Linux experience is helpful. Linux shell scripts are 
included to assist you with installing Cisco IOS, and the labs are designed so 
that they only need a couple of IOS images to work. As a bonus, the developer 
has included a bunch of exercises from the GNS3 Vault. The GNS3 Vault web¬ 
site ( http://www.gns3vault.com/ ) is dedicated to all things GNS3, has a strong 
focus on Cisco education, and provides practice exercises for anyone prepar¬ 
ing for Cisco CCNA or CCNP certification. 

Installing GNS3 WorkBench 

GNS3 WorkBench is free and available only as a VMware virtual machine. 
However, you can import the virtual Disk Image and run the appliance 
using VirtualBox. If you have a desire to natively run the appliance using 
VMware, visit their website (http://www.vmware.com/) and verify that your 
platform is supported. Otherwise, I recommend using VirtualBox (http:// 
www.virtualbox.org/ ) because it supports more platforms—specifically, 
Windows, Linux, FreeBSD, and OS X—and is free for all of them. 

Before you begin, make sure your workstation has 10GB of hard disk 
space free and that you’ve installed VirtualBox. To install GNS3 WorkBench 
under VirtualBox, download the GNS3 WorkBench appliance from the 
GNS3 website (http://www.gns3.com/) , and follow these steps: 

1. Launch VirtualBox and create a new virtual machine by clicking New 
from the startup screen. After the wizard opens, click Continue to 
begin. 

2. Name your virtual machine, choose Linux as the Operating System 
and Ubuntu as the Version (as shown in Figure 2-5), and then click 

Continue. 



Figure 2-5: Creating a new Ubuntu Linux virtual machine for CNS3 WorkBench 
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3. Adjust the memory settings as required and click Continue to advance 
to the Virtual Hard Disk dialog. Then, check the Use existing hard 
disk radio button, click the yellow folder icon, and browse to the loca¬ 
tion where you saved your GNS3 Workbench hies. Select the hie named 
GNS3 WorkBench.vmdk, be sure there’s a check next to Start-up Disk, and 
click Continue, as shown in Figure 2-6. This is the virtual equivalent of 
removing a hard drive from one PC and installing it in another. 

W ^ O Create New Virtual Machine 

Virtual Hard Disk 

If you wish you can now add a start-up disk to the new machine. You can either 
create a new virtual disk or select one from the list or from another location 
using the folder icon. 

If you need a more complex virtual disk setup you can skip this step and make 
the changes to the machine settings once the machine is created. 

The recommended size of the start-up disk is 8.00 CB. 

0 Start-up Disk 

Q Create new hard disk 
© Use existing hard disk 

CNS3 WorkBench.vmdk (Normal, 6.00 GB) (3 


( Co Back ) f Continue-^ 


Figure 2-6: Selecting the VMware Disk Image to use with VirtualBox 


4. Click Next and Complete to finish the Install. 

5. Finally, launch GNS3 WorkBench and install the guest additions. 
Guest additions software provides the hardware drivers for your new 
virtual machine. Click Devices ► Install Guest Additions and follow 
the onscreen instructions. On FreeBSD, guest additions are installed 
via the virtualbox-ose-additions package. 


NOTE 


If your host PC has extra RAM, you may want to give GNS3 WorkBench 2GB of 
RAM (or more), instead of the 1GB defaidt. 1GB of RAM is minimal for GNS3. 
Increasing the available memory will improve performance. 


After you complete the install, click Start to boot up Ubuntu. Instruc¬ 
tions on how to configure and use GNS3 WorkBench should appear. 


Final Thoughts 

In this chapter, you’ve learned that GNS3 can be installed on just about any 
operating system and that you don’t need a PhD in Computer Science to 
do it. That’s not to say it installs as easily on every system. Some Linux distri¬ 
butions, for example, may not have a GNS3 package at all (or the available 
package may be too outdated to meet your needs), but that’s the beauty of 
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open source software: you can install directly from the source code. Another 
potential pitfall is that all the necessary dependencies—or the proper ver¬ 
sion of those dependencies—might not be available for your operating 
system version, and that’s a guaranteed showstopper. In that case, I recom¬ 
mend you use an appliance like GNS3 WorkBench, or use VirtualBox and 
install a guest operating system that, like Ubuntu, fully supports GNS3. 

With GNS3 installed, you’re ready to move on to the next chapter where 
you’ll learn how to configure GNS3 and create projects. 
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CONFIGURATION 



Installing GNS3 is only the first step on 
the road to creating projects; the second 
step is configuration. Fortunately, GNS3 has 
never been easier to configure, and you need to 
perform only a few tasks. In this chapter, I’ll cover the 
basic GNS3 configuration options you need to get IOS 
routers up and running using Dynamips. 


Acquiring an IOS Image 

The virtual Dynamips routers provided by GNS3 are emulated hardware 
devices. Like a freshly formatted PC hard drive, your virtual routers are 
patiently waiting for you to install an operating system so they can do some¬ 
thing useful. What they need is Cisco IOS! 


Before you can boot up a router, you'll need to install and configure at 
least one Cisco IOS image file in GNS3, though you’re on your own when 
it comes to acquiring one. IOS is the intellectual property of Cisco Systems 
and not ordinarily available to the public. Additionally, because the GNS3 
developers have no affiliation with Cisco, they can't legally supply you with 
an IOS image either (so please don’t ask). 

The simplest way to acquire an IOS image Hie is to copy an image from 
a Cisco router that you own. The upside to this approach is that you’re not 
stealing an image; you already have an IOS image that’s licensed for your 
router. The downside is that GNS3 supports only a few models out of the 
hundreds that Cisco manufactures, and your router may not be one of them. 
(See Appendix B for a complete list of compatible Cisco routers and hard¬ 
ware configurations.) 

To copy an IOS image file from a router to a workstation, log on to your 
router and use the Cisco copy command to copy the image file from your 
router’s flash memory to an FTP server. If you don’t know the name of your 
IOS image file, you can use the show flash command on your router. In the 
following example, the IOS image filename is c7200-ios-version.bin ; my FTP 
server is running on a PC with the IP address 192.168.1.25, and my FTP 
username and password are jason and mypass, respectively. 


# copy flash:c 7200 -ios-version.bin ftp://jason:mypass@l92.168.1.25 


When the command is executed from the router, the image file will 
be copied from the router’s flash memory to an FTP server running on 
192.168.1.25 using the supplied credentials. 

If you want to use TFTP instead, download a free TFTP server from the 
Jounin website ( http://tftpdJ2.jounin.net /). When the server is installed and 
running, use the following tftp command to copy the file from your router 
to your TFTP server: 


# copy flash:c7200-ios-version.bin tftp 

Address or name of remote host []? 192.168.1.25 
Destination filename [c7200-ios-version.bin]? <enter> 


Press ENTER after Destination filename [c7200-ios-version.bin] to com¬ 
plete the copy. 

If, on the other hand, you don’t own a Cisco router, there are more 
unsavory ways to find IOS image files, as you’ll surely find with a simple 
Internet search. While companies like Cisco and Juniper have turned a 
blind eye to this sort of thing in the past (as long as the software is used 
only for educational purposes), you may not want to use a bootleg version 
of Cisco IOS. Such images may work just fine, but there’s always the pos¬ 
sibility that they contain malware or have been tampered with in unex¬ 
pected ways. 
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Lastly, if you work for a large company that happens to be a Cisco part¬ 
ner, you should be able to log on to the Cisco website using your partner 
credentials and get any IOS image you desire. Be aware that this sort of 
activity could be grounds for marching you to the corporate gallows, so get 
permission before using your company account. 

However you obtain an IOS image, you can use only image hies that 
are designed for router models supported by GNS3, and some IOS versions 
for a given model may work better than others. If you find that a Dynamips 
router is acting persnickety, try swapping the IOS for a different version 
because this often corrects the problem. 


NOTE 


In general, stay away from c26xx images because they seem to be the least stable! 


Choosing the right router and IOS image is critical to creating stable 
projects. Recommended IOS versions are c36xx, c37xx, and c7200 (but not 
the c7200p) because these are the most stable versions for Dynamips and 
GNS3. Consider the IOS version number, as well. While new IOS versions 
provide the latest bells and whistles, older versions tend to use fewer PC 
resources, such as processor power and memory. If you’re creating simple 
projects for CCNA study, you might want to use an older IOS from the 12.2 
or 12.3 train to conserve resources, but if you’re studying for your CCIE, 
you might need to install the newest IOS available. 


Setting Up Your First IOS Router 

Once you have an IOS image, you need to do a few things before you can 
start using your virtual routers. First, verify the path to Dynamips (this is 
specific to Linux). Next, copy your IOS images to a folder and then add the 
images to GNS3. Finally, set an Idle-PC value for each IOS image that you’ve 
added to GNS3. I’ll walk you through these steps now. 

Configuring Dynamips 

On Windows and OS X, the preferences should be set up for you, but on 
Linux you should verify that the path to the Dynamips application is cor¬ 
rect. Go to Edit ► Preferences, select Dynamips, and click the General 
settings tab, as shown in Figure 3-1. 

Verify that the Path to Dynamips held points to /usr/local/bin/dynamips. 
If you’ve installed the Dynamips application in some other directory, set the 
path to that directory instead. 
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Preferences 


General 

Server 

Packet capture 
VPCS 


IOS routers 
’IOS on UNIX 
IOU devices 
* VlrtualBox 

VlrtualBox VMs 


’QEMU 

QEMU VMs 


Dynamips preferences _ 

General settings Advanced settings 

0 Use the local server 
Path to Dynamips: 

/usr/local/bin/dynamips ] Browse... 

H Allocate AUX console ports 


Restore defaults 


Apply Cancel _ WmM 


Figure 3-1: Dynamips preferences, General settings tab 


Next, click the Advanced settings tab to display the settings in Figure 3-2. 


Dynamips preferences 

General settings Advanced settings 

Memory usage optimisation 
y| Enable ghost IOS support 
W Enable mmap support 
V Enable sparse memory support 


Restore defaults 
i Apply Cancel 

Figure 3-2: Dynamips preferences, Advanced settings tab 


General 

Server 

Packet capture 
VPCS 


IOS routers 
* IOS on UNIX 
IOU devices 
’VlrtualBox 

VlrtualBox VMs 
’QEMU 

QEMU VMs 
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The Dynamips Advanced settings options mostly relate to Dynamips 
stability and memory usage. As a rule you shouldn’t change them, but I'll 
discuss the options so you can decide for yourself. 

The Memory usage optimisation settings are all about conserving 
memory in your PC. The less memory Dynamips uses per router, the more 
routers you can add to your projects. The Enable ghost IOS support option 
reduces memory consumption in your PC by allocating one shared region 
of memory that multiple routers can use, as long as they’re running the 
same IOS image. This is a good reason to use the same router model mul¬ 
tiple times in a project; using several different models, with different IOS 
versions, will eat up more of your PC’s memory. The Enable nnnap support 
option allows the contents of router memory to be written to a hie on your 
hard drive, similar to a cache or swap Hie. The Enable sparse memory sup¬ 
port option reduces the amount of virtual memory used by your routers so 
you can run more router instances per Dynamips process. 


Adding IOS Images to GNS3 

Before you start creating projects using IOS routers, add at least one IOS 
image to GNS3. To add an IOS image, select Edit ► Preferences on Windows 
and Linux, or select GNS3 ► Preferences on OS X. Expand Dynamips from 
the pane on the left and click IOS routers, as shown in Figure 3-3. 


Q ^ Preferences 


General 

IOS routers preFerences 

GNS3 server 


Packet capture 

fj) C3745 

▼ General 


Cloud 

Name: 

C3745 

VPCS 


Server: 

local 

’ Dynamips 


Platform. 

C3745 



Image. 

Idle-PC 

c3745-adventerprisek9-nu.124-17.image 
0x60a89ab0 

▼IOSon UNIX 


IOU devices 

▼VirtualSox 

VirtualBox VMs 

’ QEMU 

QEMU VMS 


Startup-config: /home/Jneumann/.python-eggs/gns3_gui-l.2.dev; 

Prlvate-config: /home/jr>eumann/.python-eggs/gns3_gul-l2.dev; 

▼ Memories and disks 


ram: 

128 MiB 


NVRAM: 

256 KiB 



I/O memory: 
PCMCIA diskO: 

S% 

1 MiB 



PCMCIA diski: 

0 MiB 



▼Adapters 

Slot 0: 

GT96100-FE 






New 

Decompress Edit Delete 


Apply i cancel 



Figure 3-3: IOS routers preferences 
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Click New to start the wizard and then click the Browse button to locate 
your image hie. After selecting your image Hie, you’ll be asked whether you 
would like to decompress the IOS image, as shown in Figure 3-4. 



< Back Next > Cancel 

Figure 3-4: Deciding whether to decompress the 
IOS image 

It’s a good idea to let GNS3 decompress your image Hies; otherwise, 
your routers will have to decompress the images every time a router loads. 
Decompressing the images ahead of time will make your routers boot much 
faster. After decompressing your image, click Next, and GNS3 will attempt 
to recognize the router platform that your IOS belongs to, as shown in 
Figure 3-5. 


O ^ New IOS router - c374S-adventerprlsekS-mz.124-17.lmage 



Name and platform 

Please choose a descriptive name for this new 105 router 
and verify the platform and chassis. 



Figure 3-5: Name and platform screen 


GNS3 has determined that my image file belongs to a c3745 router plat¬ 
form and has automatically named it c3745. If you think this is incorrect, 
you can use the Platform drop-down menu to choose another platform, but 
in my experience, GNS3 does a good job of getting this correct. You can 
change the name of your router to anything you like by entering a name in 
the Name field. 
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In general, from here, you can just click through all the configuration 
settings to configure a basic router model, but the wizard provides oppor¬ 
tunities for you to customize router memory and other features during this 
process. For now, click Next to continue. You should be presented with the 
Memory screen, shown in Figure 3-6. 


O ^ New IOS router - c3745-adventerprisek9-mz.124-17.image 


Memory 

Please cheek the amount of memory (RAM) that you 
allocate to IOS. Not enough RAM could prevent IOS to start 

Default RAM: |l28MIB 

Check for minimum RAM requirement 




Figure 3-6: IOS Memory screen 


Your routers should run fine with the default memory setting. But if 
you’re unsure, click Check for minimum RAM requirements, and GNS3 
will launch a web browser and take you to the Cisco Feature Navigator 
web page at http://www.cisco.com/. From here, you can search for your IOS 
image’s specific memory requirements. Enter that value in the Default RAM 
held. When you’re done, click Next, and you will be presented with the 
Network adapters screen, as shown in Figure 3-7. 


^ New IOS router - c3745-adventerprisek9-mz.l24-l7.image 


Network adapters 

Please choose the default network adapters that should be 
inserted into every new instance of this router. 

slotO: GT96100-FE 

slot 1: 

slot 2: 

slot 3: 

slot 4: 

slots: 

slot 6: 




Figure 3-7: Network adapters screen 


The default setting configures your router with the same standard 
options that are provided with a real model of the same Cisco router. If you 
would like to add more interfaces, use the drop-down menu next to the 
available slots and choose the desired network modules. The slot options 
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will be limited to actual options that are available in the real version of the 
Cisco router. When you’re done, click Next and choose any WIC modules 
that you would like to install. Then click Next again to display the Idle-PC 
screen, shown in Figure 3-8. 


New IOS router - c3745-adventerprlsek9-mz.124-17.image 


Idle-PC 

An Idle-PC value is necessary to prevent IOS to use 100% of 
your processor or one of its core. 



Idle-PC: 


] , Idle-PC finder 



Figure 3-8: Idle-PC screen 


If you start a router in GNS3 without an Idle-PC setting, your com¬ 
puter’s CPU usage will quickly spike to 100 percent and remain there. This 
happens because Dynamips doesn’t yet know whether your virtual router 
is doing something that requires system resources, so it overcompensates 
by giving it all the resources it can. GNS3 will run sluggishly until this is 
corrected, and if CPU usage is left at 100 percent for a long time, your PC’s 
processor could overheat. 

You can easily fix this by having GNS3 look for places in the IOS pro¬ 
gram code where an idle loop exists (idle loops cause the CPU to spike); 
the result of this calculation is called an Idle-PC value. When the proper 
Idle-PC value is applied, Dynamips should periodically sleep the router 
when these idle loops are executed, which greatly reduces CPU usage. If 
you don’t care about all the details, just remember that the Idle-PC value is 
what keeps Dynamips from eating your processor for lunch. 

To have GNS3 automatically find a value, click the Idle-PC finder but¬ 
ton, and GNS3 will attempt to search for a value. If GNS3 finds a suitable 
value, then you’re done; click Finish. If it’s unsuccessful, leave the field 
blank and click Next to save the router without an Idle-PC configuration. 

Setting a Manual Idle-PC Value 

If GNS3 is unable to find an Idle-PC value automatically, you’ll need to find 
one manually. You need to calculate an Idle-PC value only once per IOS 
image. GNS3 applies this setting to all virtual routers using that image file. 
Close the Preferences window, and drag a router from the Devices toolbar 
to your GNS3 workspace, as shown in Figure 3-9. 
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Figure 3-9: Adding a router to a blank workspace 

Next, boot the router by right-clicking the router icon and selecting 
Start; then verify that the IOS loads correctly by immediately right-clicking 
the router again and selecting Console. A Cisco console window should 
open and display the router’s boot messages. If the router boots correctly, 
you’re ready to begin the Idle-PC calculation; if not, make sure that the 
model and default RAM settings assigned to the router are correct, or try 
a different IOS image. 

If you’re running Linux and a Cisco console does not appear after 
selecting Console, check your GNS3 Console Settings. Go to Edit ► 
Preferences, click General, and select the Console applications tab, as 
shown in Figure 3-10. 

Using the Preconfigured commands drop-down menu, select your 
Linux terminal type and then click Set, Apply, and OK. 

When the router boots, your computer’s CPU usage will quickly surge 
to 100 percent. Monitor your CPU usage so that after you’ve set an Idle-PC 
value, you can verify that your CPU usage has settled down. On Windows, 
press ctrl-alt-del and click Task Manager to display CPU usage. On OS X, 
open the Activity Monitor program from the Applications/Utilities folder 
and click CPU. On Linux systems, use System Monitor or enter top at the 
terminal. 
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General Console applications Topology view 

Console settings for Telnet connections 

Preconfigured commands: 

Gnome Terminal _; Set 

Console application command: 
gnome-terminal -t %d -e 'telnet %h %p 

console settings tor local serial connections 

Preconfigured commands: 

Gnome Terminal + socat _ z] Set 

Console application command: 

gnome-terminal -t "%d" -e 'socat UNix-CONNECT:’%s" stdio.raw,i 

Miscellaneous 

& Close any connected console window when deleting a node 
SI Bring console window to Front (experimental feature) 

Delay between each console launch when consoling to all devices: 
500 ms * 


Restore defaults 
Apply cancel ok 

Figure 3-10: Choosing a Console application using Ubuntu Linux 

To begin calculating a value, right-click your 
router and select Idle-PC from the menu, as 
shown in Figure 3-11. 

GNS3 should now calculate Idle-PC values 
and provide one or more values to choose from. 

This can take a minute, so give it time to display 
the results in the Idle-PC values window, shown 
in Figure 3-12. 

If there is an asterisk (*) next to a given 
value, then GNS3 has determined that value to 
be the best, and you should choose it. Click Apply 
to choose the value, and recheck your CPU usage. 

Occasionally, GNS3 miscalculates the value, 
and processor usage remains high. If this hap¬ 
pens, try again using a different value from 
the drop-down menu, and click Apply again to 
choose the new value. If no asterisk is displayed, 
you'll need to find a value that works using a sim¬ 
ple trial-and-error method. When you’re done, 
click OK to save the value. 
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Packet capture 
Cloud 
VPCS 

► Dynamips 

► IOS on UNIX 
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VirtualBox VMs 
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O idle-PC values 


Potentially better Idle-PC values are marked with 

0x60a89ab0 [52]*_; 

Help Apply Cancel OK 

Figure 3-12: Idle-PC values 

After a working Idle-PC value has been applied, you’re ready to create 
some projects! 


Final Thoughts 

Now that you’ve assigned one or more IOS image Hies to your routers and 
configured basic options in GNS3, you’re ready to begin working with your 
routers. You can select any virtual router displayed on the Routers Device 
toolbar. Give it a try. Drag a couple of routers to the workspace, start them 
up, and enter a few IOS commands. 

Just like real Cisco routers, the limitations of your Dynamips virtual 
routers are determined by the IOS version they’re running. If you find that 
your router is missing an IOS command or that the syntax for a given com¬ 
mand is not what you expected, you may need to try a different IOS version. 
If you’re studying for the CCNA or CCNP exam, this shouldn’t be an issue 
because those certifications require a fairly straightforward set of com¬ 
mands and features. If you’re studying for a CCIE or other advanced Cisco 
certification, you might need the latest IOS that supports a more robust set 
of features. When in doubt, visit the Cisco website to find out what features 
and capabilities are supported by a specific router model or IOS. Cisco’s 
Feature Navigator web page is an awesome tool that allows you to search for 
IOS information by features, technology, software, image, or product code, 
and it also allows you to compare software versions. 

Now that you’ve assigned an IOS image and configured basic options in 
GNS3, let’s move on to creating projects! 
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4 

CREATING AND 
MANAGING PROJECTS 


Now that you can configure and start 
a single IOS router, roll up your sleeves 
and I’ll show you how to create a project 
by networking two or more routers together. 
Compared to working with real lab equipment, creat¬ 
ing virtual networks and managing devices in GNS3 

is a breeze. The user interface acts like a master control room, allowing you 
to manipulate your network designs and devices with just a few clicks. This 
chapter will show you how to use GNS3 to centrally manage your network, 
including the virtual hardware. 



Project Management Overview 

A strong feature of GNS3 is project management. You can create an unlim¬ 
ited number of network designs to save and use whenever you need them. 
That means you’ll never have to waste time tearing apart an existing project 
to create a new one, which often happens when you use physical equipment. 


Not only can you save multiple projects, but you can save multiple snap¬ 
shots of an entire project configuration. A snapshot preserves your project’s 
network layout and the state of all your router configurations at a particular 
moment in time. You can restore a snapshot whenever you’d like to roll your 
entire project back to the state it was in when the snapshot was taken. 


NOTE 


Snapshots are useful for practicing CCNA or CCNP configuration drills. You can 
create a lab, apply the basic router configurations required for a drill (such as net¬ 
work addresses, routing protocols, and so on), and then take a snapshot. Once you 
have a snapshot of the basic setup, you can practice applying the scenario’s objectives 
to the network. If you want to practice the same tasks again later, you can revert to the 
basic snapshot, and your routers should be ready without additional configuration. 


GNS3 also gives you the ability to manage your virtual hardware. Just 
like with real routers, you can use Cisco expansion modules to upgrade 
your virtual routers. You can add a wide range of functionality, such as 
additional random access memory (RAM), Ethernet interfaces, serial ports, 
Asynchronous Transfer Mode (ATM), and Packet over SONET (POS) 
ports. 


Terminology 

Before beginning, let’s explore some important terminology. You need 
to know the difference between a topology and a project. A topology file is 
a text file that ends in ,gns3 and primarily refers to devices and the links 
between them. A project is a user-defined project folder ( MyLab , for example) 
stored inside the GNS3/projects folder. A user project folder contains a topol¬ 
ogy file named <project_name>.gns3, router configurations, the contents of 
nonvolatile random access memory (NVRAM), and other saved information. 
In other words, it represents an entire network, including the topology and 
all device configurations. 

Another term you should be familiar with is node. In computer network¬ 
ing, a node is any device connected to your network. In GNS3, a node is any 
device found on the Devices toolbar. 

To be effective at managing devices and projects, you’ll need more than 
just vocabulary; you’ll also need to be familiar with GNS3’s screen layout. 


Screen Layout 

Let’s take a look at the standard GNS3 layout (shown in Figure 4-1) and 
define a few concepts used by the program. 

© GNS3 toolbar 

A series of icons to easily perform common tasks. 


32 Chapter 4 



lo®' 7 ' untitled.gns3* — GNS3 


U-* »*'©■>- 1 ► II ■ C 'B HJ ilj o <a <a © 

[2 Switth«» 


| ATM switch 
" Ethernet hub 
* Ethernet switch 
) EtherSwitch router 
| Frame Relay switch 


R2 

<9 m 

\ / 



CNS3 management console. Running CNS3 on Linux (64-blt). 
Copyright (c) 2006-2014 CNS3 Technologies. 


Figure 4-1: Screen layout showing two routers and a switch in the CNS3 workspace 


© Devices toolbar 

Used to add routers, switches, end devices, and security devices, as well 
as to create links between devices. To create topologies, select a device 
type from the toolbar and drag devices from the device window to your 
workspace. There are two types of devices: simulated and emulated. A 
simulated device mimics all the characteristics of an actual device (like 
an Ethernet switch node) and does not run an operating system. An 
emulated device emulates the hardware of an actual device and requires 
an operating system to function (like virtual Dynamips routers running 
Cisco IOS). 


© Console 

A command line interface where you can manage aspects of your devices. 

© Topology Summary 

Displays the state of devices in your project. A green circle by a device 
indicates that it has started, a red circle indicates that a device is stopped, 
and a yellow circle indicates that a device is suspended. Simulated devices 
(like the Ethernet switch node) are always green. To see the links in use 
on a given device, click the triangle next to the device name. 

© Workspace 

The area in which you'll design your network. Drag devices from the 
Devices toolbar to the workspace and link them together. 

Now that you know what the main GNS3 screen looks like, let’s look 
more closely at the options you’ll find there. 
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Using the GNS3 Toolbar 

The GNS3 toolbar contains several groups of icons that are roughly orga¬ 
nized by function and offer a simple way to get things done. The first group 
deals with projects, the second with links, the third with devices and snap¬ 
shots, and the fourth with additional ways to visually organize your projects. 


First Toolbar Group 

The first group of toolbar icons, shown in Figure 4-2, 
deals with actions that affect entire projects. 

From left to right, these icons are as follows: 

New blank project Creates a new project 
folder and allows you to choose what to name 
your project. 



Figure 4-2: First toolbar 
group 


Open project Opens a previously saved project. To open a project, 
choose the project folder name and select the hie named <project_ 
name>.gns3. 


Save project Saves a complete project to the GNS3 projects folder. By 
default, a PNG image hie of your workspace is saved with your project. 


Second Toolbar Group 

The buttons in the second group of toolbar icons, 
shown in Figure 4-3, allow you to create project 
snapshots, show or hide interface labels, and con¬ 
nect to your devices using the virtual console port 
on your devices. 

From left to right, these icons are as follows: 

Snapshot Creates a snapshot of your devices, links, and IOS configu¬ 
rations to record the state of your workspace at that time. You can save 
more than one snapshot and revert to a saved snapshot at any time. 
Options are Create, Delete, Restore, and Close. 

Show interface labels Shows or hides interface names used by a link. 
These labels are abbreviated and displayed with devices in your work¬ 
space (for example, f0/0 is displayed for FastEthernetO/O). 

Console connect to all devices Opens a console connection to all 
running routers in your workspace. 



Figure 4-3: Second tool¬ 
bar group 


NOTE 


When you open a console connection to all devices, your screen might become cluttered 
with open console windows unless your terminal supports tabbed sessions. When deal¬ 
ing with large topologies, you might find it easier to open and close single sessions as 
needed by right-clicking a device node and choosing Console. 
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Third Toolbar Group 

The third group of toolbar icons, shown in 
Figure 4-4, primarily deals with controlling 
devices. 

From left to right, these four icons are 
as follows: 


► II ■ c 


Figure 4-4: Third toolbar group 


Start/Resume all devices Starts all stopped devices or resumes all 
suspended devices in your workspace. 

Suspend all devices Places all suspend-capable devices in a suspended 
state. 

Stop all devices Stops all devices. 

Reload all devices Reloads all devices. Be sure to save your router 
configurations and project before reloading or else you might lose 
your configurations! 


Fourth Toolbar Group 

The final group of toolbar icons, shown in Figure 4-5, provides tools to 
present your network layouts more clearly. You can add objects such as rect¬ 
angles and ellipses to your project, and even generate a screenshot of your 
workspace. 

3 

Figure 4-5: Fourth toolbar group 

From left to right, the icons in the last toolbar group are as follows: 

Add a note Creates text annotations in your workspace. Double-click 
text to modify it, and right-click the text object to change the Style attri¬ 
butes (such as font size and color). You can also rotate text objects from 
0 to 360 degrees. 

Insert a picture Adds images and logos to your projects. GNS3 sup¬ 
ports PNG, JPG, BMP, XPM, PPM, and TIFF hie formats. 

Draw a rectangle Draws dynamically sizable rectangles. You can right- 
click a rectangle object to change the Style attributes for border and 
border color. Rectangle objects can be rotated from 0 to 360 degrees. 
Draw an ellipse Draws dynamically sizable ellipses. You can right-click 
an ellipse object to change the border style and color. 

Zoom in Zooms in your workspace to see details. 

Zoom out Zooms out of your workspace for a bigger bird’s-eye view. 

Screenshot Generates a screenshot of your workspace. The image can 
be saved as a PNG, JPG, BMP, XPM, PPM, or TIFF hie and by default is 
saved in your GNS3/projects folder. 


I / 

_J 
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WINDOW STYLES AND DOCKS 

GNS3 provides several window styles to choose from. To change the default 
style, select Edit ► Preferences on Linux and Windows, or select GNS3t 
Preferences on OS X. Select the General category, select the General tab, 
and use the drop-down menu under Style to choose your new default style. 

Click Apply and Okay to activate your change. GNS3 will remember your selec¬ 
tion between program restarts. 

Window docks, on the other hand, are the windows that surround the 
GNS3 workspace. GNS3 displays the Console and Topology Summary docks 
by default. 

To view or hide a window dock, select View ► Window Docks and select 
the dock you want to display; any dock with a check mark next to its name 
should appear onscreen. To resize a dock, click the border of the dock window 
where it connects to the workspace and drag the border until you achieve the 
desired size. 

V_y 


Objects (notes, pictures, and shapes) that you add to your workspace 
can be grouped into layers. To raise or lower an object, right-click the 
object and select Raise one layer or Lower one layer. This feature allows 
you to manipulate objects in a layer without affecting other layers. You can 
display layer positions for your objects by choosing View ► Show Layers 
from the menu, which is useful during advanced layer manipulation. 

By adding shapes and colors with this toolbar, you can divide network 
components into logical groups. With text, you can add notes and reminders 
about how your project is configured. Figure 4-6 shows how you can present 
information more clearly using shapes, colors, and annotated text messages. 


GNS3 Project 25 - BGP Load Balancing two ISPs 

This project demonstrates a corp. router that Is load balancing two ISPs using BGP. All BGP transient 
routes are filtered. Router CORP uses two default gateways to reach the Internet. The HOST PC can 
ping simulated sites • www.google.com, and www.yahoo.com. 



Figure 4-6: Sample project with annotations 
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Once you’ve created several projects, it’s easy to forget how you config¬ 
ured them or what your objectives were. Adding notes (like the helpful one 
in Figure 4-6) is a simple way to quickly remind yourself of that information, 
especially after a few weeks or months have gone by. Notes are awesome— 
use them! 


Using the Devices Toolbar 

The Devices toolbar (shown in Figure 4-7) organizes devices by function. 
Click an icon on the Devices toolbar to see all the devices in that device 
group. 



Figure 4-7: Devices toolbar 


To add a device node to your project, click an icon from the Devices 
toolbar to display a list of configured devices and then drag a device to your 
workspace. You can press shift to add multiple identical devices. From left 
to right, the device types in the toolbar are as follows: 

Routers Displays all available Dynamips router nodes that have been 
configured with a valid IOS image hie, as well as IOU L3 routers. 
Switches Displays all available switch nodes, including Ethernet 
switch, Ethernet hub, ATM switch, Frame Relay switch, EtherSwitch 
router, and IOU L2 switches. 

End Devices Displays all available end devices, including QEMU 
guests, VirtualBox guests, host, and cloud. 

Security Devices Displays all available security devices, including 
ASA firewall, IDS/IPS, and any custom nodes you’ve created. 

All Devices Displays all available devices from the Devices toolbar. 

Add a Link When this is selected, your mouse pointer changes to a 
crosshair, indicating that you can link two devices together using their 
virtual interfaces. To link devices, click the first device and select an 
interface; then repeat for the second device to complete the connection. 

Click the All Devices icon now, and you should see a window contain¬ 
ing every configured device in GNS3. You can drag any of the devices to 
your workspace and use them in your project. 


Creating Your First Project 

Now that you know your way around the GNS3 interface, let’s dig into some 
project management details. I’ll cover the easiest way to get things done, but 
keep in mind that GNS3 often provides more than one way to do things. 
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When you launch GNS3, a New project window appears, as shown in 
Figure 4-8. From here, you can either open an existing project or create a 
new one. 


O New project 


Project 

Name: [untitled _| 

Location: ome/jncumann/GNS3/projects/untitled Browse... 

Type: O Local O Cloud 

^ Open a project Recent projects... | Cancel 

Figure 4-8: New project window 

To create a new project, replace untitled with your project name, and 
click OK. If you’re already in GNS3, select File ► New to create a new project. 

Once you’ve created a new GNS3 project, it’s time to build a topology, 
starting with some Dynamips routers. 

Working with Routers 

Begin a project by dragging a couple of routers from the Devices toolbar 
to the GNS3 workspace. If you press shift when adding devices, you should 
see a dialog that allows you to add multiple identical devices. Try adding 
the first pair of routers this way. If you don’t see any routers on the Devices 
toolbar, please refer to “Setting Up Your First IOS Router” on page 21 to 
learn how to add devices to GNS3. 

After adding the routers to your workspace, they should be named 
R1 and R2 automatically. The routers got their names from the command 
hostname %h found in the GNS3 hie ios_base_startup-config.txt. This hie contains 
default IOS settings that are applied to all your routers and are assigned to 
a device when it’s configured with an IOS image hie. To locate the Dynamips 
conhguration hies, go to Preferences, choose Dynamips from the pane 
on the left, and choose IOS Routers. Select a conhgured router and click 
Edit to display the Dynamips IOS Router conhguration options, shown in 
Figure 4-9. 

From here, you can verify the path to your device’s startup-conhg and 
private-conhg hies. When a router is placed in your workspace, the contents 
of the startup-conhg hie ios_base_startup-config.txt are applied to the router 
startup conhguration and loaded to the router’s running conhguration when 
the router is started. If you would like to create custom parameters that are 
globally applied to your routers (for example, to bring up an interface auto¬ 
matically or use a preassigned username and password), use a text editor to 
modify and save the ios_base_startup-config.txt hie. You can apply any valid 
Cisco IOS commands to the hie, provided your IOS supports them, of course. 
You shouldn’t need to modify the ios_base_private-config.txt hie. This hie was 
installed by GNS3 so that you can use Secure Shell (SSH) between router 
restarts, without having to generate new crypto keys on your routers. 
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O ^ Dynamips IOS Router configuration 


C3725 

Ceneral Memories and disks Slots Advanced 

Name: c3725 

Platform: C3725 

IOS image: c3725-adventerprisek9-mz.124-15.T14.image Browse... 

Startupconfig: gg-tmp/gns3/configs/ios_base_startup-config.txt Browse... 
Private-config: »gg-tmp/gns3/configs/ios_base_private-config.txt Browse... 



Figure 4-9: Dynamips IOS Router configuration dialog 

It’s important to note that the changes you make are applied only to 
routers you add to new projects and can’t be applied retroactively to routers 
in your previously saved projects. 

Before modifying yowrios_base_startup-config.txt file, you may want to save a 
backup copy. If you enter invalid commands, your routers may produce errors and 
misbehave. 


Creating Links Between Your Routers 

After you’ve placed devices in your workspace, you’ll need to add links 
between them to create a fully functional network. This is equivalent to 
cabling up a real network, except that you’re using virtual cables rather 
than physical ones. To add links to your devices, click the Add a link icon 
in the Devices toolbar. Your cursor should change to a crosshair, indicat¬ 
ing that you can select devices. To create a link, 
click a device. You’ll be presented with a drop¬ 
down menu of available interfaces, as shown 
in Figure 4-10. 

A red circle next to an interface indicates 
that it’s available to use; a green circle indicates 
the interface is already being used by an existing Figure 4-10: A router with 

link. Select any available interface to establish ,wo FastEthernet interfaces 

the link, and then select an interface on another 
device to complete the connection. You can 
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create connections only between two compatible interface types. In other 
words, just like with physical hardware, you can’t plug a serial cable into an 
Ethernet interface. 

At some point, you may want to 
break a link between two devices to 
simulate an outage, to reconfigure 
your network, or for some other rea¬ 
son. To break a link between two 
devices, right-click the link and select 
Delete, as shown in Figure 4-11. 

To reestablish a link, click the 
Add a link icon again and choose the 
same devices. 

Configuring Virtual Hardware 

When you place virtual routers in your workspace, they have the same con¬ 
figuration options that were applied when you configured the device’s IOS 
image. But that doesn’t mean your routers are stuck with this configuration. 
Like PCs, Cisco routers have expansion ports to provide additional func¬ 
tionality, and GNS3 Dynamips routers provide the same expansion options 
as their physical counterparts. To modify a router’s hardware configuration, 
right-click the router and select Configure; then click the node name (Rl, 
for example), as shown in Figure 4-12. 


Node configurator 


Rl configuration 


Rl 


General Memories and disks Slots Advanced 

Name: Rl 

Platform: C372S 

IOS image path: enterprisek 9 -m 2 . 124 - 1 S.Ti 4 .image Browse- 
Console port: 2001 ^ 

Aux port: 2501 ‘ 


Reset Apply Cancel OK 


Figure 4-12: Cisco IOS router Node configurator dialog 


R2 



Start capturing 
u Delete 


Figure 4-11: Deleting links between 
devices 


40 Chapter 4 



In the Node configurator dialog, you should see the available con¬ 
figuration options for that model of router. Basic models only allow you to 
add simple options, such as Cisco SLOT, WIC, or RAM cards, while more 
advanced models allow you to define features such as the chassis type or a 
Network Processing Engine (NPE) type that can be found in Cisco 7200 
series routers. 

You can configure and apply the same device options for memory and 
slots that were covered in Chapter 3, but the changes you make here will be 
applied only to the devices or device group you chose in your project. All 
other devices will remain unaffected. 

Starting, Stopping, and Pausing Routers 

I've shown you how to start and stop routers by right-clicking a router and 
choosing either Start or Stop, but you can also suspend your router by 
right-clicking it and choosing Suspend. Suspending a router is handy when 
you want to simulate a failure without having to go through the process of 
saving your configuration, stopping the router, and restarting it. In fact, 
repeatedly stopping and restarting GNS3 routers can cause Dynamips to 
crash with some IOS versions, so I recommend suspending and resuming 
instead. 

The suspend feature really shines in network convergence tests. You can 
quickly simulate failures and recoveries to test routing protocols such as the 
Routing Information Protocol (RIP), EIGRP, and OSPF, as well as redun¬ 
dancy protocols such as the HSRP, Virtual Router Redundancy Protocol 
(VRRP), and Gateway Load Balancing Protocol (GLBP). To simulate a fail¬ 
ure, click Suspend and monitor your other routers to verify that failover or 
convergence has occurred. 

To simulate a recovery, resume the router by right-clicking the device 
and choosing Start. Due to throughput limitations placed on Dynamips 
because of the emulation, failover or convergence may take a little longer 
than you’re used to when using real hardware. Don’t worry—this is totally 
normal. 

Of course, even if you can start and stop your routers, you won’t be able 
to do too much with them until you’ve logged on to a console. 

Logging On to Routers 

You log on to your routers using the simulated console port. If this sounds 
familiar, it’s because that’s also how you log on to actual Cisco equipment. 
On a physical piece of hardware, the console port is where you plug in 
Cisco’s little blue serial console cable. Be sure the router is started before 
you open a console connection; otherwise, you won’t get a console screen. 
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CONFIGURING TERMINAL SETTINGS 


s~ 




Whether you're running Windows, OS X, or Linux, there are a number of ter¬ 
minal types available to use with GNS3. But why would you prefer one over 
the other? One reason might be that it's what you have installed on your sys¬ 
tem. On Linux, for example, you may be using the Gnome Desktop, which has 
gnome-terminal installed by default. If that's the case, you may want to modify 
the GNS3 terminal setting to use gnome-terminal. Another reason is that some 
terminal programs provide more features than others. You may want to choose 
a terminal type that allows you to use tabbed windows, for example, so you 
can open more than one console at a time without a bunch of open windows 
cluttering the screen. 

To modify the terminal settings, go to Preferences, click General, and then 
click the Console applications tab to display the window shown in Figure 4-13. 



Figure 4-13: Terminal settings 

From here, you can choose a predefined terminal type and customize the 
command settings under Console application command. (Check your terminal 
application documentation to find out what options are available on your sys¬ 
tem.) When you're done, click Set and then Apply and OK. 
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To log on to all your routers at once, 
click the Console connect to all devices icon 
in the second toolbar group (see Figure 4-3 on 
page 34). To log on to a single router, right- 
click the router node in your workspace and 
select Console or Auxiliary console from the 
menu (see Figure 4-14). 

To change the Transmission Control 
Protocol (TCP) port number on which a router’s 
console or AUX port listens, right-click a device 
in your workspace, click Configure, and select 
the General tab. The port number you choose 
must be unique for every device in GNS3 and 
on your PC. As a rule, I try not to mess with port 
numbers unless I must. GNS3 does a pretty good 
job of keeping them all straight, and mucking 
with them can lead to headaches. But if some 
other TCP/IP application running on your PC 
happens to conflict with GNS3, you may have 
to make some changes before you can log on to 
your router. 


R1 


/ Configure 
V Change hostname 
a Change symbol 
fli Console 
Q Auxiliary console 

* Import config 
Export config 

^ Capture 
■ Idle-PC 
► Start 
JJ Suspend 

• Stop 
O Reload 

i? Raise one layer 
*Z Lower one layer 
u Delete 


Figure 4-14: Choose Console 
or Auxiliary console to con¬ 
nect to a router 


NOTE 


Use thenetstat command on your PC to verify what TCP/IP ports are already in use. 


Once you’ve established a console connection to the router, you should 
see a familiar Cisco console window. 


Trying 127.0.0.1... 

Connected to 127.0.0.1. 

Escape character is ' A ]'. 

Connected to Dynamips VM "Rl" (ID 1, type c3725) - Console port 
Press ENTER to get the prompt. 

R0MM0N emulation microcode. 

Cisco 1720 (MPC860) processor (revision 0x202) with 55206K/9830K bytes of memory. 

Processor board ID FTX0945W0MY (4279256517), with hardware revision 000 
M860 processor: part number 0, mask 0 
Bridging software. 

X.25 software. Version 3.0.0. 

1 FastEthernet/IEEE 802.3 interface(s) 

32K bytes of non-volatile configuration memory. 

4096 K bytes of processor board System flash (Read/Write) 

SETUP: new interface FastEthernetO placed in "shutdown" state 

Press RETURN to get started! 

00:00:02: %LINK-5-CHANGED: Interface FastEthernetO, changed state to administratively down 
00:00:03: %LINEPR0T0-5-UPD0WN: Line protocol on Interface FastEthernetO, changed state to down 
Rl# 
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At this point, you can begin using standard IOS commands to config¬ 
ure the router. One command that might look odd is the show flash com¬ 
mand. Normally this command displays hies saved in flash memory, such 
as the router’s IOS image hie and other default hies from Cisco. In GNS3, 
however, you’ll notice there are no hies saved here by default. What’s more, 
the flash drive may be unformatted', if that’s the case, you’ll need to issue the 
erase flash: command before you can save hies to flash memory. Otherwise, 
you may receive an error similar to the following: 


%Error opening slotO:router-confg (Bad device info block) 


NOTE 


If you use an NM-16ESW switch module, you may have to erase your router’s flash 
memory before you create VLANs; otherwise, the VLAN database (vlan.dat) will not 
be able to be saved. 


This section has been all about Dynamips routers so far, but you can 
also use switches in your GNS3 projects, which I’ll cover next. 


Ethernet Switch Nodes 

The Ethernet switch node is an emulated virtual switch that allows you to 
create VLAN access and trunk ports. The Ethernet switch node supports 
access ports, industry-standard 802.IQ trunk ports, and QinQ tagging. 

It does not, however, support Cisco’s proprietary Inter-Switch Link (ISL) 
trunking protocol. 

To use an Ethernet switch node, drag the node to your workspace. You 
never have to start an Ethernet switch node; they’re always ready to use. 

To configure the switch, right-click the Ethernet switch node icon and 
select Configure. Using the Node configurator window shown in Figure 4-15, 
click the switch name (SW1, for example) to modify the default switch ports 
or add new ports. 

By default, there are eight access ports assigned to VLAN 1. To change 
a port, click the port number and modify the settings as needed. When 
you’re done, click Apply and OK. To add a new port, define the port set¬ 
tings and click the Add button; then click Apply. When you’re finished add¬ 
ing ports, click OK to complete the setup. 

One alternative to the Ethernet switch node is to configure a Dynamips 
router with a network switch module. The advantage of using a switch mod¬ 
ule is that it supports more features (such as the Spanning Tree Protocol); 
the downside is that using a network switch module uses more PC resources. 
If you need the functions of only a simple switch, I recommend you stick 
with the Ethernet switch node. If you need full IOS switching capability, use 
a router with a switch module installed like the EtherSwitch router, or use 
an IOU L2 switch image (discussed in Chapter 9). 
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Figure 4-15: Ethernet switch Node configurator window 


Changing Symbols and Organizing Your Devices 

You can change the symbols that are used to represent devices in your 
workspace and choose where your devices are located in the Devices tool¬ 
bar. Let’s say you want to change an IOS router’s symbol. To change the 
symbol of the device, select Edit ► Preferences on Linux and Windows or 
select GNS3 ► Preferences on OS X. Next, go under the device you want to 
change, right-click the device icon, and select Change symbol, as shown in 
Figure 4-16. 


O'* Preferences 


General | ios routers preferences 

GNS3 server _ 


Packet capture 

"General 


ypcs change sy moo l 

C3725 

"Dynamlps 

Server 

local 

IOS routers 

Platform: 

C372S 

"IOS on UNIX 

Image: 

c3725-adventerprisek9-mz.124-1 S.T14.image 

IOU devices 

Idle-PC: 

0x6026be14 

• VirtualBox 

Startup-config: 

/home/jneumann/.python-eggs/gns3_gui-1.2-py3. 

VirtualBox VMs 

Private-config: 

/home/jneumann/.python-eggs/gns3_gui-1.2-py3. 

"QEMU 

" Memories and disks 


QEMU VMS 

RAM: 

128 MiB 


NVRAM: 

2S6 KiB 


I/O memory: 

S% 


PCMCIA diskO: 

1 MiB 


PCMCIA diski: 

0 MiB 


Figure 4-16: Changing the symbol 


You can change the symbol for IOU devices, VirtualBox virtual 
machines, and QEMU virtual machines in the same way. The Symbol 
selection window, as shown in Figure 4-17, should appear after you click 

Change symbol. 
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Symbol selection 
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Figure 4-17: Symbol selection and device category 


To change a device symbol, scroll down in the Symbol selection window 
and select the symbol you want to use. Next, use the drop-down menu to 
choose a category. This is the category where the device will be placed in the 
Devices toolbar. The categories include Switches, Routers, End Devices, and 
Security Devices. When you’re finished, click OK to complete the change. 


Final Thoughts 

In this chapter, you learned the basics of setting up a GNS3 network, so 
now is a good time to create a few labs and practice what you’ve learned. If 
you’re studying for a Cisco certification, spending as much hands-on time 
as possible with Cisco gear is the only way to gain enough experience to 
pass the exams. (They’re tough!) 

Start by creating the network in Figure 4-1. After creating the topology, 
log on to the routers, configure their interfaces, and try pinging between 
them. Simulate a failure and recovery by using the suspend and resume fea¬ 
ture or by starting and stopping a device. Once you’ve explored some IOS 
commands and GNS3 features, try creating a simple CCNA lab with three 
or more routers; there are plenty of CCNA and CCNP example labs online. 

One last word of caution: if you create large topologies that use multi¬ 
protocol routing, you might find that you have to increase your router’s pro¬ 
tocol timers to prevent your interfaces from repeatedly going up and down. 
(It’s rare, but it does happen sometimes.) The problem is caused by the 
inherent effects of latency within Dynamips. Serial connections are another 
common problem area; some router images can be flaky when running on 
emulated serial ports. If you find a router’s serial port is acting up by either 
crashing your router or flapping the connection, try another router model 
or different IOS image. In general, c36xx, c37xx, and 7200 IOS images are 
the most stable with Dynamips and should be used whenever possible. 

In Chapter 5, you’ll explore the basics of capturing network packets 
with Wireshark and expanding your networks by adding hosts using VPCS, 
VirtualBox, and Linux. 
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INTEGRATING HOSTS 
AND USING WIRESHARK 


Up to this point, you’ve learned how 
to create networks using Cisco devices, 
but GNS3 can do so much more! It uses 
a robust set of network tools that allow you 
to integrate external applications into your GNS3 
projects. In this chapter, you’ll explore some of 

these tools by learning how to integrate PC hosts into projects using 
Virtual PC Simulator and VirtualBox. The chapter will also cover basic 
packet sniffing using Wireshark. 



Virtual PC Simulator 

One way to add hosts to your projects is with VPCS, a small application 
that simulates up to nine DOS-like PCs. VPCS hosts have a limited set of 
commands but are well suited for testing end-to-end connectivity across 
your GNS3 networks. VPCS uses very few PC resources, which allows you 
to add numerous hosts to projects without bogging down your PC. 


Installing VPCS 

If you’re running Windows or OS X, VPCS should have been included when 
you installed GNS3. If you’re using a Linux system, VPCS source code should 
have been included in your GNS3 for Linux download, but it will need to be 
compiled before you can use it. Compile and install it using the following 
commands, replacing x with the version number of your VPCS source hie: 


$ unzip vpcs-x.zip 
$ cd vpcs-x/src 
$ sh mk.sh 

$ sudo cp vpcs /usr/local/bin/ 


To use VPCS, drag a VPCS host node from End Devices on the Devices 
toolbar to your workspace. Before you can start a VPCS host, it must be con¬ 
nected to another device in your project. After starting a VPCS host and 
opening a console, you’ll be presented with a window similar to Figure 5-1. 


PCI 


1.PC1 X «&■ 


Trying 127.9.6.1... 

Connected to 127.0.0.1. 

Escape character is 


Welcome to Virtual PC Simulator 
Dedicated to Dating. 

Build time: Sep 25 2014 18:28:12 
Copyright (c) 2007-2014, Paul Meng 
All rights reserved. 

(mirnshi@gmail.com) 

VPCS is free software, distributed under the terms of the "BSD" licence. 
Source code and license can be found at vpcs.sf.net. 

For more information, please visit wiki.freecode.com.cn. 

Press ’?' to get help. 


Executing the startup file 


PC1> 



Figure 5-1: The VPCS console 


If you don’t see the VPCS console or if your application displays errors, 
verify that the program resides in /usr/local/bin/ (on Linux) and that the 
path has been set correctly in the GNS3 preferences. The developer pro¬ 
vides very little in the way of support or documentation, so if you continue 
to have problems, you may want to visit the GNS3 forums (http://community 
gns3.com /) for a possible solution. 

VPCS Commands 

The commands in VPCS are mostly self-explanatory, but I’ll cover a couple 
of them here to get you started. To see a full list of supported commands, 
you can enter a question mark, ?. To display the configuration of your hosts, 


48 Chapter 5 



you can enter the show command. To display the parameters for a specific 
command, enter the command name followed by a question mark. For 
example, entering ping ? would display all the options of the ping command. 


NOTE 


Like Cisco IOS, VPCS supports abbreviated command syntax. For example, the ping 
command can be entered as p. You can abbreviate any VPCS command, but you must 
enter enough letters of the command so that it’s unique from other commands that 
begin with the same letters. 


VPCS IP Addressing 

After launching VPCS, you need to configure the host for use with GNS3. 
Typically, this only requires setting the IP address, subnet mask, and gate¬ 
way address. 

VPCS supports IPv4 and IPv6 addressing. You can manually configure an 
IP address or acquire one automatically if a Dynamic Host Configuration 
Protocol (DHCP) server is running in your GNS3 project. To manually con¬ 
figure an IPv4 address, you would enter ip-address mask gateway. The follow¬ 
ing example sets an IPv4 address to 192.168.1.50 using a subnet mask of 
255.255.255.0 and sets the default gateway to 192.168.1.1: 

PCl> ip 192.168.1.50 255.255.255.0 192.168.1.1 


You can enter the same IPv4 address using Classless Inter-Domain 
Routing (CIDR) notation in place of a standard subnet mask, as shown here: 

PCl> ip 192 . 168 . 1.50 /24 192 . 168 . 1.1 


To manually configure an IPv6 address, enter the ip command followed 
by a valid IPv6 address and mask. The following example sets the IPv6 
address to 2014:12:la::50 using a 64-bit subnet mask: 


PCl> ip 20l4:l2:la ::50 /64 


To configure a host automatically using DHCP, enter the dhcp command 
for each host that requires an address, as in this example: 

PCl> dhcp 


Use the save command to save your VPCS settings with your GNS3 project. 


PCl> save 
. done 


The settings will be saved in the GNS3 projects folder under GNS3/ 
projects/<project_name>/project-files/vpcs/<vpcs_uuid>. Later, when you load 
your GNS3 project, the configuration settings will automatically be applied 
to the host. 
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To test VPCS, create a project using a VPCS host node and link it to 
some other device, like a router. Assign an IP address to your VPCS host 
and the other device, and then use ping or trace to test connectivity. If all 
goes well, you should receive a reply like the one in this example: 


PCl> ping 192.168.1.1 

192 . 168 . 1.1 icmp_seq=l ttl=255 time=35.82l ms 


After successfully pinging devices, you can examine the ARP cache 
(MAC address to IP table) using the arp command, as in the following: 


PCl> arp 

cc:00:05:a9:00:00 192 .168.1.1 expires in 114 seconds 


If a ping is unsuccessful, VPCS displays a “host not reachable” message: 


PCl> ping 192 . 168 . 1.1 

host ( 192 . 168 . 1 . 1 ) not reachable 


You can troubleshoot this by verifying that your router interfaces are up 
in GNS3 and checking that all the IP addresses and subnet masks have been 
correctly assigned. 

Another cause may be your PC’s firewall settings, especially if you’re 
using a Windows PC. In general, disabling your firewall entirely while work¬ 
ing with GNS3 is a good idea and might resolve this and other issues. 


VirtualBox 

VPCS is a great tool for adding simple hosts to GNS3 and testing connec¬ 
tivity, but sometimes you need a host that’s running a real operating system 
rather than a simulated one. This is where VirtualBox comes in. VirtualBox 
can run most PC-based operating systems, including Windows, Linux, 
FreeBSD, and others. It’s also useful for running network operating sys¬ 
tems such as Arista vEOS, Juniper Firefly, and NX-OSv. 

The upside to using VirtualBox is that it provides you with hosts run¬ 
ning actual operating systems; the downside is that those operating systems 
may need substantial resources from your PC. If all you need to do is test 
connectivity, then stick with VPCS, but if you need a host that provides a 
robust set of network utilities (to test the security of your GNS3 network, for 
example) or to run some other router or switch OS, then you might want to 
use VirtualBox. 

Installing on Windows 

To install VirtualBox on Windows, download the appropriate installer from 
the VirtualBox website {http://www.virtualbox.org/). Launch the installer and 
click Next when you see the Welcome screen to bring up a customization 
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window. Make any desired customizations here and follow the onscreen 
instructions to complete the installation. I recommend accepting the default 
values to ensure that VirtualBox runs correctly with GNS3. 

After the installation completes, you can launch the application by using 
the Windows Start menu or by clicking the VirtualBox icon. 

Installing on OS X 

To install VirtualBox on OS X, download the appropriate installer from 
the VirtualBox website ( http://www.virtualbox.org/ ) and launch it. When the 
VirtualBox installation screen appears, double-click the VirtualBox.pkg 
icon and follow the onscreen instructions. The installation requires 
elevated privileges, so have your administrator password handy. Once 
the package is installed, you can launch it from your Applications folder 
by double-clicking the VirtualBox icon. 

Installing on Linux 

VirtualBox is supported on most Linux distributions, but check your Linux 
package manager to verify that it’s supported on your specific platform. 
On Ubuntu and most other Debian-based Linux systems, use the apt-get 
utility to update your package manager and install the latest version of 
VirtualBox. Be sure that you have Internet access and enter the following 
from a terminal window: 


$ sudo apt-get update 
$ sudo apt-get install virtualbox 


Once the utility is installed, you can launch it either by opening a ter¬ 
minal window and entering virtualbox or by launching it from your Linux 
window manager. 

Importing Appliances 

A VirtualBox appliance is a preconfigured virtual machine, often running a 
custom Linux distribution, that you can use in your GNS3 projects. Using a 
real operating system gives you more commands and greater flexibility than 
using a simulator like VPCS. You can download preconfigured VirtualBox 
appliances from the GNS3 website under the Download section. 

Appliances need to be imported into VirtualBox before you can use 
them. Appliance package names end in .ova, which stands for Open Virtual 
Appliance, and are often referred to as OVA hies. To import an appliance, 
launch VirtualBox, and you'll be presented with the VirtualBox Manager 
window. From the VirtualBox Manager, you can import or create new vir¬ 
tual machine guests and manage all of your installed guest operating sys¬ 
tems. Importing an appliance is a fast and easy way to add a guest because 
the configuration and installation of the operating system has already been 
done for you. 
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The appliances found on the GNS3 website are often optimized to use 
fewer PC resources than a standard installation of the same operating 
system. Unfortunately, this means your appliance might not have all the 
commands or tools you need, but you should be able to update or install 
additional software through its software package manager. 

In Figure 5-2, you can see that VirtualBox has been configured with 
one guest (Linux Microcore). 

Q Details a Snapshots 

@ Cenerat 11 Preview 

Name: Linux Microcore 4.7.1 

Operating System: Linux 2.6 / 3.x (32 bit) 

[&) System 

Base Memory: 64 MB 
Boot Order: Hard Disk 
Acceleration: VT-x/AMD-V, Nested 
Paging 

@ Display 

Video Memory: 8 MB 

Remote Desktop Server: Disabled 
Video Capture: Disabled 

H Storage 

Controller. SATA 

SATA Port 0: Linux Microcore 4.7.1 -diskl .vmdk (Normal, 1.00 CB) 

Audio 
Disabled 

# Network 

Figure 5-2: VirtualBox Manager showing an imported Linux guest OS 

Selecting the guest OS displays basic information about the guest’s 
configuration, such as the base memory and how much disk space has 
been assigned to the virtual machine. To modify the settings of a virtual 
machine, highlight the guest and click Settings in the toolbar. Just like 
real PCs, virtual PC guests often run better when given more resources, 
such as memory or additional CPU cores. 

To import a VirtualBox guest appliance, download an image hie and 
copy it to a folder in your user directory. Launch VirtualBox and select 
File ► Import Appliance; then click Open Appliance and browse to the 
location where you saved the hie. Select the image hie and click Continue 
followed by Import to complete the process. To test your VirtualBox guest, 
click Start, and your OS should boot up and run like a normal PC. 

After testing your newly imported OS, you’re ready to conhgure the 
GNS3 VirtualBox preferences. 

VirtualBox Preferences 

To manage VirtualBox guests, GNS3 uses the VBoxManage application. 
This program is automatically installed when you install VirtualBox. Before 


Linux Microcore 
4.7.1 


O Q & 

New Settings Start 
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adding a VirtualBox guest to GNS3, verify the path to VBoxManage. 
Launch GNS3, select GNS3 ► Preferences on OS X or Edit ► Preferences 
on Windows and Linux, and then click VirtualBox to reach the window 
shown in Figure 5-3. 


O Preferences 


General 

Server 

Packet capture 
VPCS 

* Dynamips 
IOS routers 


*IOS on UNIX 
IOU devices 



VirtualBox VMs 


*QEMU 

QEMU VMs 



General settings 

Use the local server 
Path to VBoxManage: 

|/usr/bin/vboxmanage Browse... 


Restore defaults 


Apply 


Figure 5-3: VirtualBox General Settings tab 


On Ubuntu Linux, the path on the General Settings tab should be set 
to /usr/bin/vboxmanage. Adjust the path as necessary and then click Apply 
and OK. On Windows and OS X, the VBoxManage path shouldn’t need to 
be changed. 

Unchecking Use the local server will allow you to choose a local or 
remote GNS3 server when creating a VirtualBox host. Leaving the box 
checked ensures that VirtualBox guest will always run locally on your PC. 

If you experience problems while starting a VirtualBox host or open¬ 
ing a console connection to a host, one or more of the default console port 
numbers may already be in use by another application running on your 
PC. To fix this, try closing the offending application or disabling your PC 
firewall. Another possible cause might be that the VirtualBox guest you’re 
using isn’t configured to accept console connections. 


VirtualBox Virtual Machine Settings 

After configuring (or at least reviewing) the VirtualBox preferences in GNS3, 
you need to set up one or more VirtualBox hosts to use in your projects. 
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Begin by selecting VirtualBox VM from the left pane. Click New and select 
your VirtualBox virtual machine from the VM list drop-down menu, as 
shown in Figure 5-4. 


O New VirtualBox VM 


VirtualBox Virtual Machine 

Please choose a VirtualBox virtual machine from the list. 

VM list: Linux Microcore 4.7.1 
□ Use as a linked base VM (experimental) 


Finish Cancel 



Figure 5-4: New VirtualBox VM screen 


Click Finish to complete the installation. You should see the currently 
assigned settings for the virtual machine, as shown in Figure 5-5. 


O ^ Preferences 


General 

1 VirtualBox VMs preferences 

GNS3 server 




Packet capture 


1 Linux Mlcroco... 


• General 

VM name: Linux Microcore 4.7.1 

Server: local 

Remote console enabled: True 

* Dynamips 

IOS routers 


Windows7 


’ios on UNIX 




Headless mode enabled: 

True 

IOU devices 




Linked base VM: 

False 

* VirtualBox 




* Network 






Adapters: 

2 

T QEMU 

QEMU VMS 




Start at: 

Type: 

0 

Intel PRO/1000 MT Desktop (82S40EM) 


New Edit _J i _ Delete 

Apply _j Cancel —-Ofr 


Figure 5-5: VirtualBox VMs preferences 
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By default your virtual machine device can be found under End 
Devices in the Devices toolbar. By right-clicking the virtual machine icon 
in the Preferences window (Linux Microcore in this example), you can 
assign a different icon to the virtual machine and choose where it will 
reside in the Devices toolbar. This allows you to better organize all your 
GNS3 devices. 

To modify the settings of a virtual machine, select the virtual machine and 
click Edit. In most cases you’ll want to go to the General settings tab and 
select the Enable remote console and Start VM in headless mode boxes, as 
shown in Figure 5-6. The first option allows you to access the console of a 
running virtual machine from GNS3’s assigned terminal application; the 
second option suppresses VirtualBox from opening a console window when 
you start a virtual machine in GNS3. 


VirtualBox VM configuration 


Linux Microcore 4.7.1 

General settings Network 

& Enable remote console 
start VM In headless mode 
□ Use as a linked base VM (experimental) 


Cancel 


Figure 5-6: VirtualBox VM configuration's General settings tab 


To modify network settings, click the Network tab. You can change 
the number of adapters installed in the virtual machine, the starting 
adapter number (usually 0 or 1), and the type of adapter installed in the 
virtual machine. When you’re finished, click Apply and OK to save the 
modifications. 

After you have configured a virtual machine guest operating system, 
you can use it in your GNS3 projects. 

Using VirtualBox Hosts in a Project 

To add a VirtualBox host to a project, drag a VirtualBox host node icon 
from the End Devices window to your GNS3 workspace. 

A VirtualBox host can be used only one time per GNS3 project. If you 
want to use a particular VirtualBox host more than once, launch VirtualBox 
and use the Clone feature to create a cloned copy of the virtual machine. 
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Then, launch GNS3 and follow the same steps outlined earlier to configure 
the cloned host under VirtualBox Preferences. The next time you add a 
VirtualBox host node to your workspace, the cloned OS will be available. 

After a VirtualBox host node has been added to your workspace, you’re 
ready to link it to other GNS3 devices. 

Linking VirtualBox Host Nodes to Other Devices 

To add a link between a VirtualBox host node and another device, click the 
Add a Link toolbar icon; then click your VirtualBox host node and choose 
an interface to use for the link. Select another device and choose an inter¬ 
face to complete the connection. 

To boot the host, right-click the VirtualBox host node icon and select 
Start. Test the connection by configuring an IP address on your VirtualBox 
host and the device to which it’s linked; then use the ping command to 
verify connectivity. 

On most Linux systems, like Microcore, you can manually configure 
an IP address and default gateway using the ifconf ig and route commands. 
To see a list of available network interface cards (NICs) in Linux, use the 
ifconf ig command without any configuration options. 


$ ifconfig 

etho Link encap:Ethernet HWaddr 08:00:27:7F:9l:OA 

UP BROADCAST MULTICAST MTU:1500 Metric:1 
RX packets:0 errors:0 dropped:0 overruns:0 frame:0 
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 
collisions:0 txqueuelen:l000 
RX bytes:0 (0.0 B) TX bytes:0 (o.o B) 

Interrupt:10 Base address:0xd020 

ethl Link encap:Ethernet HWaddr 08:00:27:C5:FC:66 

UP BROADCAST MULTICAST MTU:1500 Metric:1 
RX packets:0 errors:0 dropped:0 overruns:0 frame:0 
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 
collisions:0 txqueuelen:l000 
RX bytes:0 (0.0 B) TX bytes:0 (o.o B) 

Interrupts Base address:0xd060 


NOTE 


Not all Linux systems use theifconfig or route command to configure TCP/IP, but 
most do. If these comman ds aren ’t available with your distribution, check your Linux 
documentation to see how to configure an interface. 


If you’re using a Windows PC virtual machine, you can manually config¬ 
ure an IP address by opening the Network and Sharing Center and clicking 
Change Adapter Settings. Right-click the adapter you want to configure and 
select Properties to modify the TCP/IP settings, as shown in Figure 5-7. 
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Internet Protocol Version 4 (TCP/IPv4) Properties |- ff |[^u| 

General |_ 

You can get IP settings assigned automatically if your network supports 
this capability. Otherwise, you need to ask your network administrator 
for the appropriate IP settings. 

0 Obtain an IP address automatically 
£ Use the following IP address: 

IP address: 192 . 168 . 1 . 50 

Subnet mask: 255 . 255 . 255 . 0 

Default gateway: 192 . 168 . 1 . lj 

Obtari DNS server address automatically 

@ Use the following DNS server addresses: 

Preferred DNS server: 

Alternate DNS server: 

□ Validate settings upon exit ] Advanced... ] 

OK Cancel 


Figure 5-7: Windows TCP/IP interface properties 

Enter your IP address information and click OK when finished. If you 
have a DHCP server configured in your GNS3 project, you can leave the 
fields blank and choose Obtain an IP address automatically instead. 

Simple VirtualBox Project Using a Linux Virtual Machine 

Now that you’ve added a Linux VirtualBox virtual machine to GNS3, 
let’s create a simple project that networks the host to a Cisco IOS router. 
Begin by creating the project in Figure 5-8. Drag a VirtualBox Linux host 
and Dynamips router to your workspace and link them together using an 
Ethernet switch node. 

Linux Microcore 4.7.1 



2 



Figure 5-8: VirtualBox host and Cisco IOS router project 
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Start the devices and begin configuring your project by assigning an IP 
address to interface ethO of the VirtualBox Linux host. Right-click the Linux 
Microcore node and select Console to open the terminal. From the Linux 
terminal shell, enter the following command to assign the IP address: 


$ sudo ifconfig ethO 10.1.1.1 netmask 255.255.255.0 up 


Next, open a console to router Rl, assign an IP address to interface f0/0, 
and bring up the interface. 


Rl# configure-terminal 
Rl(config)# interface fo/o 

Rl(config-if)# ip address 10.1.1.2 255.255.255.0 

Rl(config-if)# no shutdown 

Rl(config-if)# exit 

Rl(config)# exit 

Rl# 


Finally, test connectivity by pinging your Linux host’s IP address from 
router Rl. 


Rl# ping 10.1.1.1 

Type escape sequence to abort. 

Sending 5, 100-byte ICMP Echos to lo.l.l.l, timeout is 2 seconds: 

! ] 111 

Success rate is 100 percent (5/5), round-trip min/avg/max = 8/16/32 ms 


Now let’s take a look at how you can use Wireshark to analyze packets 
on your GNS3 networks. 


Wireshark 

Wireshark is one of the most robust packet analysis tools available to net¬ 
work engineers, and it’s free! A packet analyzer, sometimes called a packet 
sniffer, is software that allows you to capture IP packets as they traverse 
your network. You can then open the packets to reveal and analyze their 
contents. Packet sniffers like Wireshark are used to troubleshoot network¬ 
ing protocols, thwart hackers, and even identify viruses, but they are often 
overlooked by beginners. If you’re an aspiring networking engineer, using 
GNS3 and Wireshark together is an excellent way to learn the ins and outs 
of networking and how network protocols work. 

Installing on Windows 

If you installed GNS3 using the Windows all-in-one installer, then Wireshark 
should already be installed. If you’re using OS X or Linux, then you need to 
download and install Wireshark manually. 
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NOTE 


Installing on OS X 

Before installing Wireshark on OS X, you need to install XQuartz, an OS X 
version of the X Window System that’s similar to X.Org on Linux systems. 

Download the appropriate version of XQuartz from the Mac OS Forge 
website ( http://xquartz.macosforge.org /). Double-click the installer and then 
click the XQuartz.dmg installer package. Click Continue until you reach 
the welcome screen, and then click I Agree and Install to complete the 
installation. 

Next, download and install Wireshark from the developer website 
( http://www.wireshark.org /). Double-click the downloaded hie, followed by 
the wireshark.dmg installer package. At the welcome screen, click Continue, 

I Agree, and Install to complete the installation. 

The first time you launch Wireshark, OS X will ask for the location 
of the X Window program. From the File window, click Browse, navigate 
to the Applications/Utilities folder, and then select XQuartz. 

The first time you launch Wireshark, XQuartz opens an Xterrn window but not 
Wireshark. This strange quirk is easily corrected by closing XQuartz and relaunch¬ 
ing Wireshark. It may take a moment to open, but this is normal. When the applica¬ 
tion starts, you should see the Wireshark welcome screen. 

Now that Wireshark is installed, let’s look at how to capture packets 
from devices in your projects. 

Installing on Linux 

To install the latest version of Wireshark using the Advanced Package 
Tools on Ubuntu Linux, open a terminal program and enter the following 
commands: 


$ sudo apt-get update 
$ sudo apt-get install wireshark 


Confirm the installation when prompted, and the package will be 
installed. After the process has completed, Wireshark should be ready to use. 

Capturing Packets in GNS3 

To begin capturing packets, right-click a link between two devices and 
select Start Capture, as shown in Figure 5-9. (To stop a capture, right-click 
the same link and select Stop Capture.) 


R1 R2 



u Delete 


Figure 5-9: Start capturing packets. 
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GNS3 prompts you for the source device, the interface name, and the 
encapsulation type to use for capturing data. You can capture data on Ethernet 
and serial interfaces. On Ethernet connections, you can choose only Ethernet 
encapsulation: DLT_EN10MB, but on serial connections, you can choose 
Cisco HDLC encapsulation: DLT_C_HDLC, Cisco PPP encapsulation: DLT 
PPP_SERIAL, or Frame Relay encapsulation: DLT_FRELAY. 

To capture standard Cisco serial data (High-Level DataLink Control), 
choose HDLC; to capture serial Point-to-Point Protocol data, choose PPP; 
and to capture Frame-Relay data, select FRELAY. Use the drop-down menu 
to make your selection, as shown in Figure 5-10. 


R1 R2 



Figure 5-10: Source selection for capturing serial packets 

After making a selection and clicking OK, GNS3 will open Wireshark 
and begin capturing packets, as shown in Figure 5-11. Notice that the 
Wireshark window is divided into three distinct panes. 

© Packet List pane 

The top pane of the window is dedicated to displaying individual packets 
as they’re being captured. Packet fields are displayed across the top and 
include the packet sequence number (No.), timestamp (Time), source 
IP address (Source), destination IP address (Destination), protocol name 
(Protocol), frame length size (Length), and information held (Info). 
Packets containing different protocol types are displayed in different 
colors to help identify them. 

© Packet Details pane 

After a packet is selected from the packet list, details about the proto¬ 
cols and protocol fields of the packet are displayed in the middle pane. 
You can expand and collapse the fields to show or hide their details. 
The displayed held names are specihc to the type of packet being cap¬ 
tured and will change from one packet type to another. 

© Packet Bytes pane 

The lower pane of the main window displays the raw data in hexa¬ 
decimal format, with ASCII characters displayed to the right. This is 
what the data looks like natively as it crosses the network. Wireshark 
allows you to view this information in either hexadecimal or binary. 


Packet capture 


Please select a port: 


R2 port SenalO/O (Frame Relay encapsulation: DLTFRELAY) 

I R2 port SenalO/O (Cisco PPP encapsulation: DIT_PPP_S£RIAL) 
^ R1 port Serial0/0 (Frame Relay encapsulation: DIT_FRELAY) 
R1 port SenalO/O (Cisco HDLC encapsulation: DLT_C_HDLC) 

R2 port Serial0/0 (Cisco HDLC encapsulation: DLT_C_HDLC) 
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Capturing from Standard input [Wireshark 1.10.6 (vl.10.6 from master-1.10)] 


e ® i ■ 
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Filter: 


* Expression... Clea 

Apply Save 

No. Time 
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►Ethernet II, Src: C2:02:27:8b:e0:00 (c2:02:27:8b:00:00), Dst: IPv4mcast 00:00:0a (01:00:5e:00:80:0a) 

►Internet Protocol Version 4. Src: 10.1.1.2 (10.1.1.2), Dst: 224.0.6.10 (224.0.0.16) 
tC isco EIGRP 

Version: 2 

Opcode: Hello (5) 

Checksum: 6xeec2 [correct] 

►Flags: 6x66666668 

Sequence: 6 

Acknowledge: 6 

Virtual Router ID: 6 (Address-Family) 

Autonomous System: 16 
► Parameters 

►Software Version: EIGRP=12.4, TLV=1.2 


3c 00 00 00 00 02 58 cc 9d Oa 01 01 02 e0 H -.>. 

2^W0 0a 02 05 ee C2 00 00 00 00 00 00 00 00 00 OoH. 

l'®00 00 00 00 00 oa 00 01 00 0C 01 00 01 00 00 00* . 


©@T Frame (frame), 74 bytes Packets: 10 -Displayed: 10(100.0%) 

Profile: Default 



Figure 5-11: Simple Wireshark capture from CNS3 


If you don’t see any packets displayed in the packet list, close Wireshark 
and stop the capture. Be sure your router interfaces are up and have been 
assigned IP addresses and then restart a capture and start Wireshark again. 


NOTE 


To learn more about using Wireshark, I highly recommend reading Practical Packet 
Analysis, 2nd Edition by Chris Sanders (No Starch Press, 2011). You could even 
become a Wireshark Certified Network Analyst (WCNA). 


To change the default behavior of Wireshark in GNS3, go to Preferences 
and select Packet Capture. To prevent GNS3 from automatically starting 
Wireshark when you capture packets, uncheck Automatically start the 
packet capture application, as shown in Figure 5-12. 

You have the option to save packet captures and analyze them later. 

To do so, select Wireshark Traditional Capture from the drop-down menu 
(under Preconfigured packet capture reader commands) and then click 
Set, Apply, and OK. Now when GNS3 captures data, it will automatically 
save the captured hies in a directory named captures within your project 
folder, as in GNS3/projects/<project_name>/project-files/captures/. 

To review saved packet captures, launch Wireshark on your PC, select 
File ► Open, browse to the captures folder, and select a capture hie. The 
.pcap capture hies will be named after the GNS3 devices involved in the 
capture, as in Rl_FastEthernet0-0_to_R2_FastEthernet0-0.pcap. 
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Preferences 


General 

Server 

Packet capture 
VPCS 

’ Dynamlps 
IOS routers 
*IOS on UNIX 
K>U devices 
* VlrtualBox 
VlrtualBox VMs 
"QEMU 

QEMU VMS 


Packet capture preferences _ 

Settings 

Preconfigured packet capture reader commands: 

Wireshark Live Traffic Capture _jj Set 

Packet capture reader command: 
tail-f -c *Ob %c | wireshark -k -i ■ 

D Automatically start the packet capture application 
Packet capture analyzer command: 


Restore defaults 


Apply 


Figure 5-12: Wireshark capture preferences 


To learn more about Wireshark, check out the online User’s Guide 
{http://www.wireshark.org/docs/wsug_html_chunked/). It’s well organized and 
provides a lot of information about using the software. 


Final Thoughts 

One key aspect of GNS3 is its modular design and ability to expand projects 
using other open source software. Using VPCS, you can add a large number 
of simple PC hosts, and with VirtualBox you can run hosts using full-blown 
operating systems such as Linux. This feature makes GNS3 very expand¬ 
able because any network operating system that runs in VirtualBox can be 
added to your GNS3 projects. 

Wireshark is one of the most underutilized tools around, but it’s also 
one of the most powerful. With Wireshark, you can dig deep and really see 
what’s happening on your networks. Whether you’re new to networking or 
already network certified, breaking out Wireshark and examining packets is 
a great way to hone your skills and increase your understanding of network 
protocols. 

In Chapter 6, you’ll look at Quick Emulator, another open source PC 
emulator, and use it to create a special PC version of Juniper’s Junos OS 
known as Juniper Olive. Juniper Olive allows you to add fully functional 
Juniper routers to your GNS3 projects. 
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JUNIPER OLIVE 
AND VSRX FIREFLY 


You can install and run Juniper routers 
with GNS3 in several ways. In this chapter, 

I show you how to use VirtualBox and 
Quick Emulator (QEMU) to create GNS3- 
ready Juniper devices and then install Juniper’s vSRX 
Firefly firewall. 

QEMU is an open source PC emulator similar to VirtualBox. It’s less 
polished but has many powerful features and is fully integrated into GNS3. 
Using QEMU, you can run many network operating systems including Cisco 
ASA, IDS, IOS-XR, NX-OSv, and a special version of Juniper’s Junos OS 
known as Juniper Olive. In this chapter, I focus only on Juniper. 



Installing QEMU on Windows and OS X 

If you installed GNS3 on Windows or OS X, then QEMU should have been 
installed for you already. The GNS3 installer may have installed two versions 
of QEMU: a stable version that was configured automatically during the 


GNS3 installation and a newer version that contains additional, untested 
features. If you need your projects to be completely stable, I recommend 
using only the preconhgured version. 

If you installed GNS3 using the defaults outlined in Chapter 2, you 
should find the QEMU applications under C:\ProgmmFiles\GNS3\qemu-0.13.0 
on both 32-bit and 64-bit Windows systems, but keep in mind that this 
directory will change as new versions of QEMU are introduced and added 
to GNS3. On OS X, you should find QEMU under /Applications/GNS3.app/ 
Contents/Resources/qemu/bin/ 


Installing QEMU on Linux 

QEMU on Ubuntu can be installed using a package or compiled from 
source code. To install from a package, update your package manager and 
install QEMU from the command line. 


$ sudo apt-get update 
$ sudo apt-get install qemu 


Alternatively, you can install the qemu-system-x86 package. This is a much 
smaller installation that should be capable of running any operating system 
that you want to use with GNS3. To install the x86 architecture-only version 
of QEMU, use the following commands: 


$ sudo apt-get install qemu-system-x86 
$ sudo apt-get install qemu-utils 


You may want to compile QEMU from source code, depending on 
what version of QEMU is available for your system. Although precompiled 
packages of QEMU exist on many Linux distributions, they may not be the 
newest version available and may not include the GTK toolkit that provides 
the QEMU graphical user interface. In that case, you can access the QEMU 
interface by installing a VNC viewer program, like GNC Viewer. 

When you install from source code, you also have to install other pack¬ 
ages required by QEMU before compiling the source. Update your package 
manager and install these packages now: 


$ 

sudo 

apt-get 

$ 

sudo 

apt-get 

$ 

sudo 

apt-get 

$ 

sudo 

apt-get 

$ 

sudo 

apt-get 

$ 

sudo 

apt-get 

$ 

sudo 

apt-get 

$ 

sudo 

apt-get 

$ 

sudo 

apt-get 


update 

install flex 
install bison 
install zliblg-dev 
install libglib2.0-dev 
install libgtk2.0-dev 
install libncurses5-dev 
install libpcap-dev 
install dh-autoreconf 
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Next, download the QEMU source code from the QEMU website 
( http://www.qemu-project.org /) and unzip the hie, as shown here: 


$ wget http://www.qemu-project. 0 rg/download/qemu- 2 .l. 2 .tar.bz 2 
$ bunzip2 qemu-2.l.2.tar.bz2 
$ tar xvf qemu-2.l.2.tar 


After unzipping the hies, move to the QEMU installation directory and 
enter the configure and make commands to compile the source code. 


$ cd qemu-2.1.2 
$ ./configure 
$ make 


Finally, complete the process by installing the compiled hies on your 
system. This must be done using elevated root privileges. 


$ sudo make install 


When the installation is complete, you should find QEMU binaries 
under /usr/local/bin/, and the QEMU support hies should be in the 
/usr/local/share/qemu/ directory. 

With QEMU installed, you’re ready to start creating and using QEMU 
devices in GNS3. 


Introducing Juniper 

Most people have heard of Cisco, but relatively few have heard of Juniper 
Networks. Like Cisco, Juniper produces a wide range of networking hard¬ 
ware, and Internet service providers use its extremely high-throughput 
devices to efficiently route billions of packets for their customers. 

All Juniper devices are designed around a common FreeBSD code 
base, though not every Juniper device runs the FreeBSD operating system. 
Instead, they use its kernel only as a framework for another operating sys¬ 
tem known asjunos OS. However, because Junos OS is designed around 
FreeBSD, you can run a special version of the software on your PC called 
Juniper Olive. 

Juniper Olive is a functional version of Junos OS. Because it runs on 
a regular PC and not an actual Juniper chassis, it lacks the proprietary 
ASIC hardware to achieve the high throughput of a real Juniper device. 
Otherwise, it’s the real deal and not a simulation of the operating system. 
This makes it well suited for studying for the Juniper Networks Certified 
Associate (JNCIA) certification and other entry-level certifications. 
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NOTE 


Juniper provides a nother virtual router called vMX that runs on bare-metal x86 
hardware or as a virtual machine using QEMU, VirtualBox, or VMware, which 
allows it to be integrated into GNS3. It’s what Juniper calls a scalable ‘pay as you 
grow” solution. 


( -j 

JUNIPER EXTENDS AN OLIVE BRANCH 

Juniper Olive is rumored to be an in-house version of Junos OS that's meant to 
be used only by Juniper developers and not intended for public consumption, 
but only Juniper knows for sure. If you contact the company, you'll be told it's an 
"unsupported version." Juniper won't provide you with the software, and Juniper 
certainly won't give you any support. However, GNS3 fully supports Juniper 
Olive integration, allowing you to add Juniper routers to your GNS3 projects. 

* _ / 


Installing Juniper 

It’s been said that if you give a person a fish, you feed them for a day, but if 
you teach a person to fish, you feed them for a lifetime. This adage holds 
true when creating a Juniper Olive, so let’s go fishing! Although there are 
many ways to configure and install Olive (including scripts that automate 
the process or preconfigured virtual machines that can be found on the 
Internet), learning to do it manually allows you to adjust the parameters as 
necessary when new Olive versions become available. 

When used with GNS3, the Juniper Olive software is often installed using 
VirtualBox or QEMU. In this section, you’ll work with QEMU, but before you 
can create an Olive, your system must meet the following requirements: 

• 8GB available disk space 

• 1024MB available memory for QEMU/Juniper 

• QEMU installed on your system 

• FreeBSD-4.11 mini ISO 

• Juniper Olive software 

Let’s look at how to create an Olive and where to get the software to do it. 

Process Overview 

The Juniper Olive installation software works a lot like a common parasite, 
with FreeBSD as its unsuspecting host. To create an Olive, you’ll install a 
copy of FreeBSD using QEMU or VirtualBox. Next, you’ll copy a gzipped 
tarball of the Juniper Olive software to your FreeBSD virtual machine. 


66 Chapter 6 







There, you’ll unzip the package and make a small modification, and then 
you'll zip the hies back into a FreeBSD installable package. Finally, you’ll 
install the package and reboot the FreeBSD system. 

This is where things get interesting. The first time you boot your system, 
the Juniper Olive software invades its FreeBSD host. It will repartition the 
FreeBSD hard disk, copy new Hies to the system, and keep any FreeBSD Hies 
that it needs. When it’s finished, you should have a functional Juniper router. 


Acquiring FreeBSD 

A FreeBSD CD image is required to install FreeBSD with QEMU. Several 
versions are available that are suitable for creating Juniper Olive, but I rec¬ 
ommend a mini ISO. It contains all the necessary files, and it’s the fastest 
to download. Download the 4.11-RELEASE-i386-miniinst.isofde from the 
FreeBSD archive ( ftp://ftp-archive.freebsd.org/). I recommend this FreeBSD 
version instead of more recent ones because it seems to work well with 
almost any Olive version. 


NOTE 


You can find a ready-to-use QEMU (and VirtualBox) image with FreeBSD already 
installed at the GNS3 website (http://www.gns3.com/) in the Download section, 
under QEMU appliances. 


Acquiring Juniper Olive Software 

Next, you need to acquire the Juniper Olive software. The software is 
available as a FreeBSD installable package and should have a name like 
jinstall-12.1R1.9-domestic-olive.tgz. Because Juniper Olive is not supported by 
Juniper, you cannot get a copy of the software directly from Juniper. 


Creating a Juniper Olive CD Image File 

After you have the Juniper Olive software, you need a way to copy the pack¬ 
age to your FreeBSD virtual machine to install it. There’s more than one 
way to do this, but the simplest way is to mount an ISO image file on your 
FreeBSD virtual machine, just as you would a regular CD. Before you can 
do that, you have to create your own ISO image of the Olive software. 

Creating an ISO in Windows 

To create an ISO image file using Windows, you first need to install ISO 
image creation software. I recommend ISO Recorder (http://isorecorder 
.alexfeinman.com/isorecorder.htm). It’s free, easy to install, and works well. 
Download the software and launch the installer. Then click Next and follow 
the prompts to complete the installation. 

After installing ISO Recorder, you should be able to create an ISO 
image of the Juniper Olive software. Create a folder and copy your gzipped 
Olive file into the folder (warned juniper-olive, for example). Then, right-click 
the folder and select Create ISO image file. 
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The ISO Recorder Creation Wizard appears, as shown in Figure 6-1. 


f) Record CD/DVD 



Create image 

O Windows CD Burning area 

C: VJsers\jneumann\AppData V-Ocal V^licrosoft\Windows^urn^urn 


#) Directory 

C: VJsers\jneumannpesktop\juniper-olive 
Target 

C: VJsers \jneumann pesktop \juniper-olive. iso 


0 

y 


Image format 

Volume label 
juniper-olive 



Boot Image 
O Indude 


[ Cancel | [ Next | 


Figure 6-1: ISO Recorder Creation Wizard 

Under Create image, select the Directory radio button, change the 
Image format to CD, click Next, and follow the prompts to create your ISO 
image. After you have a Juniper ISO, you’re ready to install Juniper Olive 
on Windows. 


Creating an ISO in OS X 

On computers running OS X, copy your Juniper image Hie to a folder and 
use hdiutil to create an ISO image of the folder’s contents. In the following 
listing, I’ve created an ISO image file named juniper-olive.iso using a folder 
named JUNGS: 


$ mkdir JUNOS 

$ cp jinstall-l2.lRl.9-domestic.tgz JUNOS 
$ hdiutil makehybrid -iso -joliet -o juniper-olive.iso 1UN0S 


Now that you have a suitable ISO of the Olive software, you’re ready to 
install Juniper Olive on OS X. 

Creating an ISO in Linux 

Creating an ISO image on Ubuntu Linux is almost the same as on OS X, 
except you use the mkisofs application. Copy your Juniper image file to a 
folder ( JUNOS , for example) and enter the following commands to create 
the ISO: 


$ mkdir JUNOS 

$ cp jinstall-l2.lRl.9-domestic.tgz JUNOS 
$ mkisofs -o juniper-olive.iso JUNOS 
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Now that you have your ISO, there are only a few things left to do before 
you create a Juniper Olive. 


Installing and Configuring FreeBSD Using QEMU 

The first step in creating ajuniper Olive is to create a QEMU virtual 
machine of FreeBSD. QEMU doesn’t have a graphical user interface, so 
you'll do everything from the command line. You will use the qemu-img pro¬ 
gram to create a virtual disk image Hie and the qemu program to install and 
test your virtual machine. 


NOTE 


Not all QEMU installations are alike. On some installations, the QEMU application 
file might he named qemu-system-i386 or qemu-system-x86_64, or you may have 
both installed. If you’re unsure, check your QEMU installation directory. 


Preparing Your Build Directory 

Start by creating a build directory and then copy the FreeBSD installation 
ISO and the Juniper Olive ISO files to the directory, as in the following 
example: 


$ mkdir Juniper 

$ cp 4.ll-RELEASE-i386-miniinst.iso Juniper 
$ cp juniper-olive.iso Juniper 


If you’re using Windows, open a command prompt window and enter 
the following commands instead: 


c: mkdir Juniper 

c: copy 4.ll-RELEASE-i386-miniinst.iso Juniper 
c: copy juniper-olive.iso Juniper 


Now that everything is prepped in your build directory, you can begin 
installing the system. 

Installing a Junos-Friendly FreeBSD System 

In this section, you’ll create a virtual hard disk using qemu-img and install 
FreeBSD on the virtual disk. I’ll only cover the basics of preparing FreeBSD 
for Olive and won’t go into a lot of detail about FreeBSD itself. 

Preliminary Checks (or Windows and OS X 

If you’re a Windows user, install the Telnet Client application from the 
Programs and Features Control Panel before you begin. 

If you’re a OS X user, you’ll want to add the QEMU file directory to 
your OS X search path. Verify the installation path to your QEMU files. If 
you installed QEMU manually, you should look for the qemu-img file in 
/opt/local/bin or /usr/local/bin. If you’re using QEMU that was installed 
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with GNS3, you should find the Hie under /Applications/GNS3.app/Contents/ 
Resources/qemu/bin/. Enter the following commands to add the QEMU bina¬ 
ries to your OS X search path. Make a backup copy of your .bash profile file 
before you begin. 

$ cd ~ 

$ cp .bash_profile .bash_profile-backup 

$ sudo echo 'export PATH=/Applications/GNS3.app/Contents/Resources/qemu/ 
bin:$PATH' >> .bash_profile 


After entering the commands, close and reopen a terminal window to 
enable the new search path. To verify your path is correct, enter the follow¬ 
ing command: 


$ echo $PATH 


The previous command will display your path configuration. If it’s not 
correct, you may need to restore your ,bash_profile-backup file and try again. 
If it is correct, then you’re ready to move on. 

Getting Started 

Begin the installation by creating an 8GB virtual disk image file named 
juniper.img in your build directory. The qemu-img command options used 
here should work on all Unix-like systems. 


$ cd Juniper 

$ qemu-img create juniper.img 8G 


Next, boot QEMU from the FreeBSD mini ISO using the following 
command: 


$ qemu-system-i386 -m 512 -hda juniper.img -localtime -cdrom 4.11-RELEASE- 
i386-miniinst.iso 


Windows users should open a command prompt window and use the 
following commands instead. Be sure to enter the path command if QEMU 
isn’t already in your Windows path. 


c: cd Juniper 

c: path="c:\program files\GNS3\qemu-0.l3.0" 
c: qemu-img create juniper.img 8G 

c: qemu-system-i386w -m 512 -hda juniper.img -localtime -cdrom 4.11-RELEASE- 
i386-miniinst.iso 


When FreeBSD boots, the Kernel Configuration Menu appears, as 
shown in Figure 6-2. 
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OOP_QEMU 


Kernel Configuration Menu 


Skip kernel configuration and continue with installation 


Start kernel configuration in full-screen visual mode 
Start kernel configuration in CLI mode 


Here you have the chance to go into kernel configuration mode, making 
any changes which may be necessary to properly adjust the kernel to 
match your hardware configuration. 

If you are installing FreeBSD for the first time, select Uisual Mode 
(press Down-Arrow then ENTER). 

If you need to do more specialized kernel configuration and are an 
experienced FreeBSD user, select CLI mode. 

If you are that you do not need to configure your kernel 

then simply press ENTER or Q now. 


Figure 6-2: FreeBSD Kernel Configuration Menu 


Press ENTER to skip the kernel configuration and continue with the 
installation. 

Next, the FreeBSD sysinstall Main Menu appears, shown in Figure 6-3. 


O O 


QEMU 


Welcome to the FreeBSD installation and configuration tool. Please 
select one of the options below by using the arrow keys or typing the 
first character of the option name you're interested in. Invoke an 
option with [SPACE] or [ENTER]. To exit, use [TAB] to move to Exit. 


Quick start - How to use this menu system 


Begin a quick installation (for the impatient) 
Begin a custom installation (for experts) 

Do post-install configuration of FreeBSD 
Installation instructions, README, etc. 

Select keyboard type 

Uiew/Set various installation options 

Repair mode with CDROM/DUD/floppy or start shell 

Upgrade an existing system 

Load default install configuration 

Glossary of functions 


X Exit Insta11 



Figure 6-3: sysinstall Main Menu 

Use the arrow to move down, select Standard to begin a standard 
installation, and then press ENTER to continue. 


Partitioning the Filesystem 

The next screen, shown in Figure 6-4, displays basic information about 
using the FDISK Partition Editor. 
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QEMU 


In the next menu, you uill need to set up a DOS-style ("fdisk") partitioning 
scheme for your hard disk. If you simply wish to devote all disk space 
to FreeBSD (overwriting anything else that might be on the disk(s) selected) 
then use the (A) 11 command to select the default partitioning scheme followed 
by a (Q)uit. If you wish to allocate only free space to FreeBSD, move to a 
partition marked ''unused” and use the (C)reate command. 

(100X) 

mpmi 


Figure 6-4: FDISK partitioning message screen 

Read the instructions and press enter to continue to the FDISK 
Partition Editor menu, shown in Figure 6-5. 

e O O _ QEMU _ 


DISK Geometry: 16644 cyls/16 heads/63 sectors = 16777152 sectors (8191MB) 
Offset Size(ST) End Marne PType Desc Subtype Flags 

0 16777216 16777215 - 6 unused 0 


The following commands are supported (in upper or lower case): 

A = Use Entire Disk G = set Drive Geometry C = Create Slice F = ‘DD' mode 

D = Delete Slice Z = Toggle Size Units S = Set Bootable ! = Wizard m. 

T = Change Type U = Undo All Changes Q = Finish 

Use FI or ? to get more help, arrow keys to select. 

I 


Figure 6-5: FDISK Partition Editor menu 

The FDISK Partition Editor allows you to choose how much disk space 
you want to allocate to FreeBSD. Choose A to use the entire disk and then 
select Q to finish. 

The Install Boot Manager menu should appear next, as shown in 
Figure 6-6. 
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QEMU 


FreeBSD comes uith a boot selector that allows you to easily 
select between FreeBSD and any other operating systems on your machine 
at boot time. If you have more than one drive and want to boot 
from the second one, the boot selector will also make it possible 
to do so (limitations in the PC BIOS usually prevent this otherwise). 
If you do not want a boot selector, or wish to replace an existing 
one, select "standard”. If you would prefer your Master Boot 
Record to remain untouched then select "None". 


NOTE: PC-DOS users will almost certainly require "None"? 



■OH Cancel 


Figure 6-6: Install Boot Manager menu 

Use the arrow to move down, select Standard to install a standard mas¬ 
ter boot record (MBR), and press enter to continue. 

FreeBSD then displays a message about creating BSD partitions inside 
your newly created FDISK partition, as shown in Figure 6-7. 

0 O O QEMU 


Now you need to create BSD partitions inside of the fdisk partition(s) 
just created. If you have a reasonable amount of disk space (200MB or more) 
and don't have any special requirements, simply use the (A)uto command to 
allocate space automatically. If you have more specific needs or just don't 
care for the layout chosen by (A)uto, press FI for more information on 
manual layout. 



Figure 6-7: BSD partition message 

After reading the message, press enter to continue to the FreeBSD 
Disklabel Editor. 
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The next step is to create Juniper-compatible partitions. It’s important to 
pay close attention to how you partition the virtual hard disk because the 
Juniper Olive package must see the correct FreeBSD partitions or the instal¬ 
lation will fail. You also must create your partitions in a specific order. 

To create your first partition, select C and type the partition size in the 
held provided, as shown in Figure 6-8. 

|OOQ _ QEMII _I 

Disklabel Edi 


Disk: adO Partition name: adQsl Free: 16777089 blocks (8191MB) 

Part Mount Size Newfs Part Mount Size Newfs 


Please specify the partition size in blocks or append a trailing G for 
gigabytes, M for megabytes, or C for cylinders. 

16777Q89 blocks (8191MB) are free. 



Cancel 


The following commands are valid here (upper or lower case): 

C = Create D = Delete M = Mount pt. 

N = Newfs Opts Q = Finish S = Toggle SoftUpdates 

T = Toggle Newfs U = Undo A = Auto Defaults R = Delete+Merge 

Use FI or ? to get more help, arrow keys to select. 


Figure 6-8: Specify a partition size. 

I entered 1024M to create a 1GB partition. Press enter to accept this 
value, and you’ll see the partition type option screen, shown in Figure 6-9. 

|OOQ _ qemu _ 

9BHK|B^^3BUjU|UnflHFreeBSD Disklabel Edi 


Disk: ad0 Partition name: ad0sl Free: 16777089 blocks (8191MB) 

Part Mount Size Newfs Part Mount Size Newfs 


If you want to use this partition for swap space, select Swap. 
If you want to put a filesystem on it, choose FS. 



Cancel 


The following commands are valid here (upper or lower case): 

C = Create D = Delete M = Mount pt. 

N = Newfs Opts Q = Finish S = Toggle SoftUpdates 

T = Toggle Newfs U = Undo A = Auto Defaults R = Delete+Merge 

Use FI or ? to get more help, arrow keys to select. 


Figure 6-9: Choose o partition type. 
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Press enter to create a filesystem (FS) partition type, and you’ll be 
given the option to choose the mount point for the partition, as shown in 
Figure 6-10. 

|OOQ _ qemu _ 

reeBSD Ed i 


isk: ad0 Partition name: adOsl Free: 16777089 blocks (8191MB) 

art Mount Size Newfs Part Mount Size Newfs 



he following commands are valid here (upper or lower case): 

= Create D = Delete M = Mount pt. 

= Newfs Opts Q = Finish S = Toggle SoftUpdates 

= Toggle Meufs U = Undo A = Auto Defaults R = Delete+Merge 

se FI or ? to get more help, arrou keys to select. 


Figure 6-10: Choose a mount point for the partition. 

To create a mount point for your root partition, type a forward slash (/) 
and press ENTER to complete the configuration of your first partition. 

Using Table 6-1, follow the same procedure to create the complete file¬ 
system layout. The order is important! After creating your root partition (/), 
work your way down the list, finishing with the /var partition. When you get 
to the swap partition, make sure you choose swap and not FS as your parti¬ 
tion type. The /var partition is last, so when you create it, accept the default 
partition block size. This value uses the remaining free space on your parti¬ 
tion. Remember, if the partitions are not created in sequential order, the 
partition names won’t match the mount points, and Juniper Olive won’t 
install properly. 


Table 6-1: FreeBSD Partitioning for Juniper Olive 


Part 

Mount 

Size 

adOsl a 

/ 

1024 MB 

adOsl b 

swap 

1024 MB 

adOsl e 

/config 

1024 MB 

adOsl f 

/var 

remaining space 


There are many ways to partition FreeBSD in preparation for the Olive 
install, but I’ve found this method to be the most reliable across different 
versions of Juniper Olive. When you’re done, the filesystem should look 
exactly like the one in Figure 6-11. 
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■f^SS^BFreeBSD Disklabel Editor^ft? 1 - 


Disk: ad0 

Part 

it ion name: adOsl Free: 0 blocks 

COMB) 

Part 

Mount 

Size 

Newfs Part Mount 

Size Newfs 

adQsla 

/ 

1024MB 

UFS Y 


adOslb 

swap 

1024MB 

SWAP 


adOsle 

/conf ig 

1024MB 

UFS+S Y 


adOslf 

/var 

5119MB 

UFS+S Y 


The following commands are va 

id here Cupper or lower 

case ) : 

C = Create D 

= Delete 

M = Mount pt. 


N = Newfs 

Opts Q 

= Finish 

S = Toggle SoftUpdates 


n = Toggle Newfs U 

= Undo 

A = Auto Defaults R 

= Delete+Merge 

ri 

? to get more help. 

arrow keys to select. 



Figure 6-11: Fully configured partition layout suitable for Juniper Olive 

Once you’ve configured all the partitions, choose Q to complete the 
partitioning process and then choose your distribution set, as shown in 
Figure 6-12. 


O O 


QEMU 


As a convenience, we provide several "canned" distribution sets. 

These select what we consider to be the most reasonable defaults for the 
type of system in question. If you would prefer to pick and choose the 
list of distributions yourself, simply select "Custom". You can also 
pick a canned distribution set and then fine-tune it with the Custom item. 


Choose an item by pressing [SPACE! or [ENTER!. 
Exit item or move to the OK button with [TAB!. 


When finished, choose the 



Reset selected distribution list to nothing 
Full sources, binaries and doc but no games 
Same as above + X Window System 
Full binaries and doc, kernel sources only 
Same as above + X Window System 
Average user - binaries and doc only 
Same as above + X Window System 

is 


he smallest configuration possible 


Cance1 


Figure 6-12: FreeBSD distribution choices 

Use the arrow keys to scroll down, select Minimal, and then press the 
spacebar to make the selection. Now press tab to select OK and press enter 
to finish. 
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Finishing Installation of FreeBSD 

Next, choose your installation media, as shown in Figure 6-13. 

0 O O_ QEMU 


FreeBSD cart be installed from a variety of different installation 
media, ranging from floppies to an Internet FTP server. If you're 
installing FreeBSD from a supported CD/DUD drive then this is generally 
the best media to use if you have no overriding reason for using other 
media. 





Install from an FTP server 

Install from an FTP server through a firewall 
Install from an FTP server through a http proxy 
Install from a DOS partition 
Install over NFS 

Install from an existing filesystem 
Install from a floppy disk set 
Install from SCSI or QIC tape 
Go to the Options screen 


Figure 6-13: Choosing an installation media 

Press enter to choose CD/DVD as your installation media, and the 
installation will begin. When it’s finished, the message shown in Figure 6-14 
appears. 

0 o O_ QEMU 


Congratulations! You now have FreeBSD installed on your system. 

We will now move on to the final configuration questions. 

For any option you do not wish to configure, simply select 
No. 

If you wish to re-enter this utility after the system is up, you 
may do so by typing: /stand/sysinsta 11 . 



Figure 6-14: File installation complete message 

Because you’re using FreeBSD as a host for Junos OS, you don’t need to 
concern yourself with any of the FreeBSD configuration questions that fol¬ 
low this screen. Answer “no” to all remaining questions, and when asked to 


Juniper Olive and vSRX Firefly 77 











create a password for the root account, press enter to leave it blank. When 
you’re finished answering questions, allow the system to reboot, log on as 
root, and shut down FreeBSD using the halt command. Then close the 
window and quit the QEMU program. 


Installing the Juniper Olive Package in FreeBSD 

Now that the FreeBSD installation is complete, you can install the Juniper 
Olive package. 

Getting Your Olive Up and Running 

Boot FreeBSD using QEMU with the following command to ensure that 
you can mount the. juniper-olive.iso CD image Hie you created earlier. (On 
Windows, replace qemu-system-i386 with qemu-system-i386w.) 


qemu-system-i386 -m 512 -hda juniper.img -localtime -cdrom juniper-olive.iso 


If FreeBSD loads correctly, a login prompt should appear. Log in as root 
at the prompt; you shouldn't need to enter a password, so just press ENTER. 
Then use the mount command to mount the jumper-olive, iso CD image. 


# mount /cdrom 


Create a temporary directory named olive on the /var partition and 
extract the Juniper Olive package into the temporary directory. 


# mkdir /var/tmp/olive 

# cd /var/tmp/olive 

# tar zxvf /cdrom/jinstall-l2.lRl.9-domestic.tgz 


Next, modify Junos OS to allow you to install the software on your 
QEMU virtual machine. 


# mkdir temp 

# cd temp 

# tar zxvf ../pkgtools.tgz 

# cp /usr/bin/true bin/checkpic 


Extract the pkgtools directory from pkgtools.tgz to another temp directory 
within the olive directory, and replace the checkpic file with the FreeBSD true 
file. This removes the Junos OS checkpic protection. 

After the modification, gzip the temp directory contents back into a 
tarball named pkgtools.tgz and remove the temp directory you created. 


# tar zcvf ../pkgtools.tgz * 

# cd .. 

# rm -rf temp 
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Next, create a new Olive installation package and install it on your 
FreeBSD system. In the following listing, I’ve named the installation pack¬ 
age olive, tgz: 


# tar zcvf ../olive.tgz * 

# pkg_add -f ../olive.tgz 


After you install the Olive package, you should see an error message fol¬ 
lowed by some warning messages, which tell you that the package will erase 
any Hies that aren’t Junos configuration files and that you need to reboot to 
load the Junos OS software. 

Any other onscreen instructions displayed can be ignored because 
they apply to an actual Juniper router, not an Olive installation on a PC. 
However, before continuing, you need to shut down the FreeBSD system 
using the halt command and quit QEMU. 


# halt 


The final step in installing Olive is to reboot the system and give the 
package time to complete its takeover of FreeBSD. At this point, you must 
provide the installer with extra memory, or the install will fail. Although 
Junos OS runs comfortably with 512MB of RAM, the installer needs 1024MB 
of RAM to create the RAM disk that it uses during installation. 

In Linux and OS X, boot Juniper Olive with 1024MB of RAM to com¬ 
plete the installation, as follows: 


$ sudo qemu-system-i386 -m 1024 -hda juniper.img -serial telnet:l27.0.0.1:1001, 
server,nowait,nodelay -localtime 


Windows users should enter the following command instead: 


c: qemu-system-i386w -m 1024 -hda juniper.img -serial telnet:l27.0.0.1:1001, 
server,nowait,nodelay -localtime 


After you boot the system, you can watch the Olive software being 
installed by using telnet to connect to port 1001 of your localhost. (On 
Windows you may have to install the Telnet Client program from the 
Programs and Features Control Panel first.) Open a second Windows com¬ 
mand prompt or terminal window, and enter the following command to 
see the installation output displayed on the console: 


telnet localhost 1001 


I highly recommend monitoring your install. It’s a great way to trouble¬ 
shoot whether something goes wrong. Otherwise, you won’t know why an 
installation failed. A common problem is that not enough memory has been 
allocated to your virtual machine; another is that your partition sizes are too 
small or were created incorrectly. 
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The Juniper Olive installation can take 15 minutes or longer, depend¬ 
ing on your hardware, because the installer performs a lot of tasks, such as 
repartitioning your FreeBSD hard drive and extracting various packages. 
When everything is complete, the system should automatically reboot, 
load Junos OS, and present you with what appears to be a FreeBSD login 
prompt, shown in Figure 6-15. 



Figure 6-15: Successful Junos OS boot messages and login 


This prompt is where you'll log in to Junos OS. If you see the previous 
messages and the login prompt, then your Juniper router is ready to use. 

Backing Up Juniper Olive 

After you create a working Olive, make a backup copy of the image for safe¬ 
keeping. After all, who wants to go through all that work again? Not me! 

First, properly shut down Junos OS to prevent triggering a dirty file¬ 
system. A dirty filesystem occurs when hies have not been properly closed. 
This condition can cause hie corruption and can even break the Junos 
operating system. If the filesystem is marked as dirty, a filesystem check is 
triggered the next time you start Junos OS, and it may take longer than usual 
to boot until the system is checked and marked clean again (meaning no 
errors were found, or all errors were hxed). 

To shut down Junos OS, log in as root (no password necessary) and 
enter the following commands: 


Login: root 
root@% cli 

root> request system halt 

Halt the system ? [yes,no] (no) yes 


80 Chapter 6 



It’s safe to quit QEMU after you see a message indicating that the oper¬ 
ating system has halted, as shown here: 

The operating system has halted. 

Please press any key to reboot. 

To make a backup copy of your Juniper image, enter the following com¬ 
mand from the directory where your image hie is saved: 

$ cp juniper.img backup-juniper.img 

Windows users can use this command instead: 

c: copy juniper.img backup-juniper.img 

Now that you have a Juniper router, you need to configure GNS3 so it 
can be used in your projects. 

Configuring a Juniper Router in GNS3 

To configure a Juniper router in GNS3, select Edit ► Preferences on 
Windows and Linux or GNS3 ► Preferences on OS X. Double-click QEMU 
from the sidebar and select QEMU VMs to open the QEMU VMs prefer¬ 
ences window, shown in Figure 6-16. 


O ^ Preferences 


°* n * ral 1 QEMU VMs pftftrtncts ~| 


CNS3 server 



Packet capture 

“ Junos 'Central 


VPCS 

VM name: 

Junos 

► Dy na mips 

Server 

local 

► IOS on UNIX 

Memory: 

512 MB 

» VirtualBox 

QEMU binary: 

qemu-system-iJ86 


* Hard disks 



Disk image (hda): 

/home/jneumann/GNS3/images/QEMU/Juniper.img 


» Network 



Adapters: 

6 


Typt: 

el 000 


* Additional options 



Options: 

-nographic 


New Edit Delete 



Figure 6-16: QEMU VMs preferences window 
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From here you can create, edit, and delete QEMU virtual machines, 
allowing you to bring your Juniper virtual machine into GNS3. 

Adding the Juniper Virtual Machine to GNS3 

To add your Juniper virtual machine to GNS3, click New to start the New 
QEMU VM wizard. Enter a name for your virtual machine and leave Type 
set to Default. Click Next to set the QEMU binary and memory options, 
shown in Figure 6-17. 


New QEMU VM 


QEMU binary and memory 

Please check the Qemu binary is correctly set and the 
virtual machine has enough memory to work. 

Qemu binary: /usr/local/brn/qemu-system-i38d (V2.1.2) 
RAM: | SI 2 MB 



< Back Next > j Cancel 

Figure 6-17: Setting QEMU binary and memory 


Select qemu-system-i386 from the Qemu binary drop-down menu. 
You’re choosing this QEMU program because Juniper Olive runs on a 
32-bit version of FreeBSD. Give your Olive 512MB of RAM and then click 
Next. Click Browse to locate and select the juniper. img fi le that you created 
previously, and then click Finish. 


NOTE 


Two QEMU binary applications are often used in GNS3: qemu-system-i386 and 
qem-system-x86_64 ■ The difference between them is that qem-system-i386 is designed 
to emulate 32-bit architecture, and qemu-system-x86_64 is designed to emulate 64-bit 
architecture. The qem-system-x86_64 application is supposed to be 32-bit backward 
compatible, but it is not compatible with all 32-bit virtual machines (including IOS-XRv, 
for example). 


Adding Ethernet Interfaces 

After creating your virtual machine, go back and add more Ethernet inter¬ 
faces. I recommend using six interfaces. Highlight your virtual machine 
and select Edit. Click the Network tab and change the number of interfaces 
to 6. Now select the Advanced settings tab and enter the -nographic option 
under Additional settings, as shown in Figure 6-18. 
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O ~ QEMU VM configuration 


Junos 

General settings HDD Network Advanced settings 

Linux boot specific settings 

Initial RAM disk (initrd): I Browse— 

Kernel image: i Browse-. 

Kemet command line: 

Aditlonal settings 

Options: l-nographicl 


Cancel OK 

Figure 6-18: QEMU advanced options 

The -nographic option prevents the QEMU GUI interface from display¬ 
ing when you start your QEMU virtual machine. Although the GUI can 
be useful in troubleshooting a virtual machine, it’s more often a nuisance 
and should be disabled. This option can be used with any QEMU virtual 
machine, not only Juniper. When you’re done, click OK to close the win¬ 
dow and then click Apply and OK to save all your changes. 


Testing a Juniper Router 

Before creating projects that include Juniper routers, it’s a good idea to test 
connectivity between a Cisco router and a Juniper router. If you’re unable to 
successfully ping between the devices, there might be a problem with your 
installation, and it’s better to find out early before you spend hours design¬ 
ing a project that doesn't work. 

Drag a Cisco router node and 


a Juniper router node to your work¬ 

R1 


Junosl 


space from the Devices toolbar, and 


Q 


create a link from the Cisco router 




to interface eO of the Juniper router, 

fo/o 

eO / 


\ 


as shown in Figure 6-19. 

Start the routers and open a Figure 6-19: Connecting a Cisco router to 

console to the Cisco router. Assign ° Juniper router 
an IP address to the interface that’s 
connected to your Juniper router 
(f0/0, in this example). 
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Rl> enable 

Rl# configure-terminal 
Rl(config)# interface fO/O 

Rl(config-if)# ip address 10.10.10.1 255.255.255.0 
Rl(config-if)# no shutdown 


Now open a console to your Juniper router, log on, and configure an IP 
address using the same subnet as your Cisco router. 


Login: root 

root@% cli 
root> edit 

O root# set system root-authentication plain-text password 

New password: olivel 
Retype new password: olivel 

root# set interfaces emo unit 0 family inet address 10.10.10.2/24 
root# commit 
commit complete 


For security, Junos OS requires that you assign a root password O before 
you can commit any other configuration changes to the router, so do that 
now. I set the password to olivel, but you can enter any password you want. 


NOTE 


In this example, you can see that Juniper syntax is entirely different from Cisco syntax. 
If Juniper syntax is new to you, visit the Juniper website (http://www.juniper.net/) 
for detailed information about configuring Juniper routers. 


After configuring both devices, ping your Cisco router to test connectivity. 


root# exit 

root> ping 10.10.10.1 


If the ping test fails, there could be a problem with your IP addresses 
or QEMU installation. If you compiled QEMU from source code, verify 
that you installed a version known to work with Juniper Olive. If necessary, 
compile and reinstall QEMU again. If the problem persists, try installing or 
compiling another version of QEMU. 

You can also create an Olive using VirtualBox. The procedure is basi¬ 
cally the same as QEMU, but you'll use the VirtualBox GUI tools instead of 
the command line. When you create your VirtualBox virtual machine, set 
Type to BSD and set Version to FreeBSD (32-bit). 


Running Juniper vSRX Firefly 

In addition to Junos OS, you can run a virtual version of Juniper’s SRX 
Firewall, called vSRX Firefly. If you register with Juniper, you can download an 
evaluation of Firefly from the website for free (http://www.juniper.net/). You’ll 
want to download the Firefly VMware Appliance - FOR EVALUATION! 
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package. As you can see from the name, it’s designed to run on VMware, 
but you can tweak it to run on VirtualBox or QEMU. I'm covering VirtualBox 
here, so make sure the VirtualBox program is installed on your system before 
you begin. 

After you’ve downloaded the Firefly software, notice that it’s an Open 
Virtual Appliance (OVA) hie, named something like junos-vsrx-ver.x-domestic 
.ova. An OVA hie is a special package hie that can be unarchived using the 
tar command. To extract the contents from the hie on Linux or OS X, use 
the following command: 


$ tar xvf junos-vsrx-ver.x-domestic.ova 


NOTE 


If you’re running Windows, you can use the 7-zip application (http://www.7-zip 
.org/) to extract the files. 


After all the hies have been extracted, you need to convert the VMware 
virtual machine disk hie (the hie with extension .vmdk) to a virtual disk 
image (VD1) hie that can be used by VirtualBox. To convert the hie, use 
the vboxmanage utility that comes with VirtualBox. 


$ vboxmanage clonehd -format VDI junos-vsrx-ver.x-domestic-diskl.vmdk 
junos-vsrx-ver.x-domestic-diskl.vdi 


After converting the disk image, you can delete all the Firefly hies except 
the new VDI image hie {junos-vsrx-veex-domestic-diskl.vdi in this example). 
This is the hard disk image hie that you will import into VirtualBox. 


Creating a Firefly Virtual Machine with VirtualBox 

You need to create a new virtual machine in VirtualBox and import the 
Firefly hard disk image hie. Launch VirtualBox and click New to open the 
Create Virtual Machine dialog, shown in Figure 6-20. 


Create Virtual Machine 



Name and operating system 

Please choose a descriptive name for the new virtual 
machine and select the type of operating system you 
intend to install on it- The name you choose will be used 
throughout VirtualBox to identify this machine. 


Name: (Firefly) 


B 

Type: BSD 


: 

Version: FreeBSD (32 bit) 


:i 


Hide Description < Back [ Next> Cancel 


Figure 6-20: Create Virtual Machine dialog 
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Give the virtual machine a name (Firefly in this example), set Type to 
BSD, and set Version to FreeBSD (32-bit). When you’re done, click Next to 
assign the memory size, as shown in Figure 6-21. 



Figure 6-21: Adjust the memory size. 


Follow the instructions from Juniper to set the proper memory size. 

In this example, I've chosen 2048 MB, because that’s what Juniper recom¬ 
mends for my version of Firefly. When you’re done, click Next, and check 
Use an existing virtual hard drive file, as shown in Figure 6-22. 

Use the browse icon to locate and choose the VDI image file you cre¬ 
ated previously. When you’re finished, click the Create button to create the 
virtual machine. 



Hard drive 

If you wish you can add a virtual hard drive to the new 
machine. You can either create a new hard drive file or 
select one from the list or from another location using 
the folder icon. 

if you need a more complex storage set-up you can skip 
this step and make the changes to the machine settings 
once the machine is created. 

The recommended size of the hard drive is 2.00 CB. 

O 2° not a< * d a virtual hard drive 
G Create a virtual hard drive now 
9 Use an existing virtual hard drive file 

junos-vsrx-12.1X47-D10.4-domestic-disk1.vdi ; C3 


< Back 


Cancel 


Figure 6-22: Choose the Junos vSRX Firefly VDI hard disk 
image file. 
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Giving Your Virtual Machine More Processors 

After creating the virtual machine, you have to increase the number of 
processors to two because vSRX Firefly needs two processors to run prop¬ 
erly. If your virtual machine is configured with only one processor, Firefly 
will boot and run, but you will not be able to see or configure any Ethernet 
interfaces. 

Select your virtual machine name in VirtualBox, go to Settings ► System, 
and click the Processor tab, shown in Figure 6-23. 


Firefly ■ Settings 


0 General 
[ll System 
l&i Oisplay 
19 Storage 
4^ Audio 
# Network 
^ Serial Ports 
0 USB 

£3 Shared Folders 


System 

Motherboard Processor Acceleration 
Processor(s): ^— 


1 CPU 


Execution Cap: , 


1% 

Extended Features: Q Enable PAE/NX 


(O 


Help 


Cancel 


Figure 6-23: The Processor tab under System 


Use the slider tool to select two processors, and click OK. After you’ve 
configured your Firefly virtual machine, right-click your virtual machine 
in VirtualBox and select Clone to create a copy of it to work with in GNS3. 
The original virtual machine will remain unused, and you'll always have a 
clean, unconfigured master of your virtual machine. 

Once you’re done creating the Firefly virtual machine, you’ll need to 
add it to GNS3 before you can use it in your projects. 

Adding vSRX Firefly to GNS3 

Launch GNS3 and select Edit ► Preferences on Windows and Linux or 
GNS3 ► Preferences on OS X. Double-click VirtualBox in the pane on the 
left, and select VirtualBox VMs to open the VirtualBox VMs preferences 
window, shown in Figure 6-24. 

To add your Firefly VirtualBox virtual machine to GNS3, click New to 
start the New Virtual VM wizard. Select your Firefly virtual machine from 
the drop-down menu and click Finish. Next, click Edit. 
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O ^ Preferences 


General 
GNS3 server 
Packet capture 
VPCS 

► Dynamips 

► IOS on UNIX 
» VirtualBox 


► QEMU 


1 VirtualBox VMs preferences 
1 • Firefly 


New Edit Delete 


* General 

VM name: Firefly 

Server: local 

Console enabled: False 

Headless mode enabled: False 

* Network 

Adapters: 6 

Type: Automatic 


Apply 


Figure 6-24: VirtualBox VMs preferences window 


On the General settings tab, place a check next to Enable remote console 
and Start VM in headless mode. This will allow you to use the console to 
log on to Firefly. Finally, click the Network tab, change the number of inter¬ 
faces to 6, and set the network type to Paravirtualized Network (virtio net). 
You’re now ready to create a project using Firefly. 

Creating a Project with a Zone-Based Firewall 

In this section, you’ll create a simple project using vSRX Firefly as a network 
firewall. Firefly is similar in functionality to Cisco’s ASA firewall, but it’s 
different to configure. I won’t go into a lot of detail, but this project should 
get you started. If you want to learn more about Juniper SRX, you can find 
plenty of detailed documents at Juniper’s website (https://www.juniper.net/). 

Let’s start by creating the GNS3 project shown in Figure 6-25. Drag a 
Firefly device from the End Devices toolbar to your workspace. Next, drag 
two Cisco routers to your workspace and link the devices together. Link 
Rl’s interface f0/0 to interface el of vSRX Firefly. Link R2’s interface f0/0 
to interface eO of vSRX Firefly. 
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R1 R2 


192.168.1.1 


TRUST 
ZONE 

vSRX Firefly 

Figure 6-25: vSRX Firefly project 

Router R1 will be configured to use a Firefly trust zone. R1 represents 
a trusted host on your LAN. Router R2 will be configured to use a Firefly 
untrust zone. The untrust zone represents an untrusted network, like the 
Internet. You’ll configure Firefly so that your trusted host (Rl) can ping 
your untrusted host (R2) through the vSRX Firefly firewall using NAT. 

Begin by configuring router Rl with an IP address and default gateway. 



Rl(config)# interface fo/o 

Rl(config-if)# ip address 192.168.1.100 255.255.255.0 

Rl(config-if)# no shutdown 

Ri(config-if)# ip route 0.0.o.o o.o.o.o 192 . 168 . 1.1 


Next, configure an IP address on the untrusted router R2. No gateway 
configuration is necessary here. 


R 2 (config)# interface fo/o 

R2(config-if)# ip address 100.1.1.1 255.255.255.0 
R2(config-if)# no shutdown 


With the router IP addresses configured, you can turn your attention to 
Firefly. Log on using the root account to configure the vSRX Firefly firewall. 
Because this is a new installation, you should not be asked for a password. 
After logging on, enter the following commands to create your firewall; 
you'll start by creating a password and configuring the network settings: 


root@%cli 

root>edit 

© root#set system root-authentication plain-text-password 

New password :fireflyl 
Retype new password :fireflyl 

© root#set interface ge-0/0/0.0 family inet address 100.1.1.2/24 
© root#set interface ge-0/0/1.0 family inet address 192 .168.1.1/24 
0 root#set routing-options static route 0.0.0.0/0 next-hop 100.1.1.1 
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Like ajuniper router, you cannot save any configuration changes on an 
SRX device until you’ve assigned a password to the root account, so start by 
going to edit mode and creating a root password O. I've entered firefly 1 , but 
you can choose any password you’d like. 

Next, at ©, you set the IP address on the WAN interface (ge-0/0/0.0), 
and at ©, you set the LAN interface (ge-0/0/1.0). Finally, at ©, set the 
default gateway address using the untrusted router’s IP address (100.1.1.1). 

Complete the configuration by defining your security zones and secu¬ 
rity trust policies. 


O root#set security zones security-zone trust interfaces ge-0/0/1.0 

© root#set security nat source rule-set interface-nat from zone trust 

© root#set security nat source rule-set interface-nat to zone untrust 

0 root#set security nat source rule-set interface-nat rule rulel match 

source-address 0.0.0.0/0 destination-address 0.0.0.0/0 
© root#set security nat source rule-set interface-nat rule rulel then source-nat 
interface 

© root#set security policies from-zone trust to-zone untrust policy permit-all 
match source-address any destination-address any application any 
© root#set security policies from-zone trust to-zone untrust policy permit-all 
then permit 
© rootftcommit 


Assign your LAN interface to the trust zone ©. Set the interface-nat 
source zone to trust © and the interface-nat destination zone to untrust ©. 
and create a rule that matches any source and destination IP addresses 
(0.0.0.0/0) 0. In a production environment, you would tighten this up a bit, 
but for your practice GNS3 lab, it’s fine. Now configure NAT overloading on 
the WAN interface ©. 


NOTE 


vSRX Firefly’s interface-nat command is used to achieve the equivalent of Cisco 
NAT/PAT overloading. 


To finish the configuration, define the type of traffic that’s allowed 
to go between the zones ©. In this case, you’re allowing all protocols and 
applications from the trust zone to the untrust zone. Finally, create the secu¬ 
rity policy © and commit your changes ©, and you’re done! 

Verify your configuration by entering the show security nat source summary 
command. 


root>show security nat source summary 
Total port number usage for port translation pool: 0 
Maximum port number for port translation pool: 33554432 
Total pools: 0 

Total rules: 1 

Rule name Rule set From To Action 

rulel© interface-nat© trust© untrustO interface© 
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This information indicates that rulel O allows packets via NAT © from 
the trust zone © to the untrust zone 0, and IP data sourced from the trust 
zone will be overloaded onto the untrusted interface ©. By default, that’s 
interface ge-0/0/0.0 (your WAN interface). If your summary matches the 
one in this book after entering the command, then you’re ready to test the 
connection. If your output looks different, then you’ve probably mistyped 
something, so you need to go back and check all your configuration settings. 

Log on to router R1 and enter the ping command to test connectivity 
with router R2. 


Ri#ping 100 . 1 . 1.1 

Type escape sequence to abort. 

Sending 5, 100-byte ICMP Echos to 100.1.1.1, timeout is 2 seconds: 

! 11 ] | 

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/10/24 ms 


If your ping is successful, as indicated by !!!!!, then you’ve done every¬ 
thing correctly. If it failed, then you may need to go back and check your 
configuration settings. You should also make sure your Cisco routers have 
the correct IP addresses and subnet masks and that the Ethernet interfaces 
are not shut down. 


Final Thoughts 

In this chapter, you learned about Juniper and Juniper Olive, and I showed 
you how to create a Juniper Olive using QEMU and VirtualBox. I also intro¬ 
duced you to vSRX Firefly, and I provided some insight about how to config¬ 
ure a basic zone-based firewall using an SRX device. 

In most cases, Juniper runs a little slower using QEMU than using 
VirtualBox. However, QEMU allows you to add an unlimited number 
of Juniper routers to your projects without cloning, and GNS3 will store 
your Juniper configurations with your projects. As a rule, VirtualBox loads 
and runs devices faster than QEMU, but your configurations are saved with 
each virtual machine instance in VirtualBox, not in GNS3. Because of this, 
you have to create a unique virtual machine instance of your devices using 
the VirtualBox clone feature. The cloned devices are then used in your 
GNS3 projects. 

Juniper is less popular than Cisco in the corporate world, but it’s a big 
player in larger environments, like campus sites and the ISP routing and 
switching market. If you take your networking career into one of those 
realms, Juniper certification could set you apart from other applicants, and 
GNS3 is a great way to learn Juniper routers and SRX devices! You should 
start with JNCIA certification, which is the entry-level Juniper certifica¬ 
tion (Juniper’s equivalent to Cisco CCNA), and it’s a prerequisite for more 
advanced certifications. Juniper’s training website ( http://www.juniper.net/us/ 
en/training/) provides all the information you need to get started. 
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DEVICE NODES, LIVE SWITCHES, 
AND THE INTERNET 


In this chapter, I’ll demonstrate how 
GNS3 device nodes are used with Cisco 
IOS routers. GNS3 provides a Hub node 
and various Switch nodes, including an Ether¬ 
net switch, EtherSwitch router, ATM switch, and 
Frame Relay switch. In addition, we’ll take a look at 
how to create your own Frame Relay switch using a 
Cisco IOS router. 

We’ll also explore a very powerful feature known as a Cloud node. 

A Cloud node is used to expand your networks beyond the GNS3 program. 
With Cloud nodes, you’ll soon be able to connect your GNS3 projects to 
live Cisco switches and access the Internet using GNS3 routers. 



Built-in Device Nodes 


Built-in device nodes simulate the features of a specific device type (like 
a switch). They’re easy to configure and can be useful if you need to save 
time and PC resources or if you just want to get something done without 
knowing all the details of the underlying technology. 

If you create a topology that uses VLANs, you can drag a GNS3 Ether¬ 
net switch node to your workspace and use a simple menu to quickly create 
VLANs or VLAN trunks. Of course, if you’re studying for a Cisco exam that 
involves switching, you need to know how to configure actual Cisco IOS 
switches. 

Node Configurator 

By now, you already know that the Node configurator can be used to con¬ 
figure the features of a single device node, but it can also be used to modify 
multiple devices at the same time. As your projects grow and you use more 
devices, this feature can save you a lot of time. 

To open multiple devices at the same time, use your mouse to select 
those devices in your workspace, and then right-click any device and choose 
Configure. The selected devices display in the Node configurator, as shown 
in Figure 7-1. 


O ~ Node configurator 



Reset Apply Cancel ^ OK 


Figure 7-1: Modifying multiple devices using the Node configurator 

To configure a single device, select that device from the column on the 
left. Configure each device and click Apply. When you’re finished configur¬ 
ing all the devices, click OK to complete the process. 
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To modify multiple devices, use the shift key to select several at once 
from the column on the left and then configure them in the same manner 
as you would a single device. Let’s say you have ten 7200 series routers and 
you want to add the same network module to slot 0 on all 10 routers. Use 
the shift key to select all the routers, add the module to slot 0, and then 
click Apply and OK to make the change to all 10 devices. 

You can also select an entire group of routers by clicking their group 
name. In the previous figure, you could configure Rl, R2, and R3 at the 
same time by selecting the group name Router c3725 group O. 

Ethernet Hub 

GNS3 provides an Ethernet hub (see Figure 7-2) as a tool that networking 
instructors can use to teach students about the perils of Ethernet loops, 
excessive broadcasts, and multiport repeating. 


HUBl 



Settings 

Name: HUBl 

Number of ports: 8 


Reset Apply , , Cancel , OK ml 

Figure 7-2: Ethernet hub Node configurator 

As a general rule, you should stick with GNS3 switches and avoid includ¬ 
ing hubs in your projects. But if you do need to use an Ethernet hub, you 
can change the number of available Ethernet ports by pulling up the Node 
configurator and selecting your hub from the list on the left. The default 
value is eight ports, so if you want a different amount, enter that number in 
the Settings held on the right. 
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EtherSwitch Router 


GNS3 provides two types of Dynamips switches, the Ethernet switch node and 
the EtherSwitch router. I discussed the Ethernet switch node in Chapter 4, 
so I'll only cover the EtherSwitch router here. 

An EtherSwitch router is not a simulated device like an Ethernet hub or 
Ethernet switch node. Instead, it’s a Dynamips router running Cisco IOS 
that’s been configured with a 16-port switch module (NM-16ESW). This is 
the same switch module that can be installed on an actual Cisco router, 
and it has the same features and limitations (see Appendix C for details). 
Although the switch module has limited functionality, it’s perfectly suited 
for CCNA and many CCNP studies. For more advanced switching features, 
you need to integrate real switches into your GNS3 projects or use Cisco 
IOU switches. 

STFSpB The EtherSwitch router requires that you configure a c-3745 router with an IOS. 

To add additional switch ports to your EtherSwitch router, right-click 
the switch icon and select Configure, as shown in Figure 7-3. 

The EtherSwitch router allows you to add additional switch modules. 
Adding another NM-16ESW module in slot 2 increases the number of 
switch ports to 32. 


ESWl 



General Memories and disks Slots Advanced 

Adapters 


slot 0: GT96100-FE _ zj 

slot 1: NM-16ESW ;J 

slot 2: _ Zj 

slot 3: i Z I 

I ; ' 

slot 4: ; 

slot S: 
slot 6: 

WICs 

wicO: _ Zj 

wicl: [_ Zj 

wic2: (_ Zj 

I | Reset | Apply Cancel OK 

Figure 7-3: EtherSwitch router Node configurator 
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Frame Relay Switch 

GNS3 provides a simple Frame Relay switch node, capable of emulating the 
basics of a generic Frame Relay switch. The nice thing about the GNS3 
Frame Relay switch node is that it requires very little configuration. The 
downside is that it can sometimes be unstable. 


WARN I NG 


The GNS3 Frame Relay switch node only supports the ANSI LMI type, and Cisco 
is the default LMI type on Cisco IOS. You must use the command frame-relay 
lmi-type ansi on your router interfaces. Otherwise your frame cloud will not work. 
You can verify your LMI type using the show frame-relay lmi command (after con¬ 
figuring Frame Relay encapsulation). 


In Frame Relay, data link connection identifiers (DLCIs) are used to assign 
frames to a permanent virtual circuit (PVC) using serial port connections. To 
configure DLCI to serial port mappings, right-click the Frame Relay switch 
icon and open the Node configurator. Use the Source and Destination 
fields to create a mapping and click Add. When you’re finished, click Apply 
and OK to complete the configuration. 

The example configuration in Figure 7-4 will be used later to create a 
simple Frame Relay network. In the Mapping panel on the right, notice that 
FR1 is configured using two serial ports. Each serial port is used to link the 
Frame Relay switch to a router in your GNS3 project. 

FRl 


O ° Node configurator 



T ■ Frame Relay switc... FRl configuration 

rKl 

General 


Mapping 


Name: [FRl 


Port:DLCI 

* Port:DLCI 



1:100 

2:101 

Source 


1:200 

3:201 

Port: 1 

_ • 



DLCI: 200 

* 



Destination 




Port: 3 

- 



DLCI: 201 

_ : 



| Add j D< 

?lete 








Reset Apply Cancel ^ Q* 

Figure 7-4: Frame Relay switch Node configurator 
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Port 1 has been assigned two DLCI numbers (100 and 200). Each DLCI 
on port 1 is mapped to a DLCI number on another serial port, and each 
mapping forms a Frame Relay PVC. Mapping is read from left to right, so 
in the first row, port 1 DLCI 100 is mapped to port 2 DLCI 101, and in the 
second row, port 1 DLCI 200 is mapped to port 3 DLCI 201. We’ll use these 
mappings to configure a simple Frame Relay network. 

Simple Frame Relay Hub and Spoke Configuration 

There are several ways to configure a Frame Relay network, and under¬ 
standing DLCI to serial port mapping is critical for understanding and con¬ 
figuring any of them. To better understand the mapping relationship, let’s 
configure a simple network using the previously discussed DLCI to serial 
port mappings. I won’t go into a lot of theory, but I’ll explain enough to get 
you started. 

We ll create our sample network using the topology in Figure 7-5. The 
network is divided into two subnets, 10.10.10.0 and 10.10.10.32, using the 
subnet mask 255.255.255.224. 



Figure 7-5: Sample hub and spoke Frame Relay network 


This simple network is an example of a Frame Relay hub and spoke 
topology and should give you a good idea of how DLCI mappings work in a 
Frame Relay network. Router R2 will be on the 10.10.10.0 subnet, and router 
R3 will be on the 10.10.10.32 subnet. Router R1 is the hub in our hub and 
spoke topology. It will be connected to both subnets and will forward packets 
between them through the Frame Relay switch. This configuration will 
allow router R2 to ping router R3 and vice versa. 

To create the project, add a Frame Relay switch node to your workspace 
and set it up the way we did in Figure 7-4. Add three routers and configure 
each of them with a serial interface card such as a WIC or NM-4T. Link the 
routers to the FR1 switch as shown. Be sure R1 is connected to Port 1 on FR1, 
R2 is connected to Port 2, and R3 is connected to Port 3. After linking the 
devices and configuring the Port:DLCI mapping on the FR1 switch, con¬ 
figure the hub router Rl, as shown in the following code. 
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Rl(corvfig)# interface Serialo/o 
Rl(config-if)# encapsulation frame-relay 
Rl(config-if)# frame-relay lmi-type ansi 
Rl(config-if)# clock rate 64000 
Rl(config-if)# no shutdown 
Rl(config-if)# no ip address 


On the serial interface, enable Frame Relay encapsulation O, and 
set the LMI type to ANSI ©. Although not required for GNS3, I’ve also set 
the clock rate © because, depending on your IOS, the command may be 
required on an actual Frame Relay switch. 

Next, configure point-to-point interfaces and DLCIs. 


Rl(config-if)# interface SerialO/O.lOO point-to-point 
Rl(config-subif)# frame-relay interface-dlci 100 
Rl(config-subif)# ip address 10.10.10.1 255.255.255.224 
Rl(config-subif)# interface Serial0/0.200 point-to-point 
Rl(config-subif)# frame-relay interface-dlci 200 
Rl(config-subif)# ip address 10.10.10.33 255.255.255.224 


Configure a point-to-point subinterface © on serial interface 
SerialO/O.lOO using DLCI 100 © and assign the interface an IP address 
from the first subnet © (10.10.10.0/27). 

Complete the configuration by adding a second point-to-point 
subinterface 0 in the same manner, but use DLCI 200 ©, and assign the 
interface an IP addresses from the second subnet © (10.10.10.32/27). 

In this example, I'll use the first valid address from the subnet, which is 
10.10.10.33. 

It’s considered a Cisco best practice to use the DLCI number for your subinterface 
number. Serialo/o. loo is an example of a subinterface for DLCI 100. 

The following listing contains all of the commands you need to config¬ 
ure router R2. 


R2(config)# interface Serialo/o 
R2(config-if)# encapsulation frame-relay 
R2(config-if)# frame-relay lmi-type ansi 
R2(config-if)# clock rate 64000 
R2(config-if)# no shutdown 
R2(config-if)# no ip address 

R2(config-if)# interface SerialO/O.lOl point-to-point 
R2(config-subif)# frame-relay interface-dlci 101 
R2(config-fr-dlci)# ip address 10.10.10.2 255.255.255.224 

R2(config-subif)# exit 

R 2 (config)# ip route o.o.o.o o.o.o.o 10 . 10 . 10.1 


To configure R2, go under the serial interface and enable Frame Relay 
encapsulation ©. then set the LMI type to ANSI ©. set the clock rate ©, and 
bring up the interface. Configure a point-to-point subinterface 0 using 
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DLCI 101 © and assign the subinterface an IP address from the first sub¬ 
net © (10 .10.10.0 /27 in this example). Lastly, set the router’s default gateway 
using the IP address configured under interface DLCI 100 of router R1 © 
(IP address 10.10.10.1). Because R1 is the hub of our Frame Relay hub and 
spoke topology, it’s used as the default gateway for our two subnets so that 
data can be routed between routers R2 and R3. 

Finally, add a configuration to router R3 to complete the project. 


R3(config)# interface Serialo/o 
R3(config-if)# encapsulation frame-relay 
R3(config-if)# frame-relay lmi-type ansi 
R3(config-if)# clock rate 64000 
R3(config-if)# no shutdown 
R3(config-if)# no ip address 

R3(config-if)# interface Serial0/0.20l point-to-point 
O R3(config-subif)# frame-relay interface-dlci 201 
© R3(config-fr-dlci)# ip address 10.10.10.34 255.255.255.224 
R3(config-subif)# exit 

© R3(config)# ip route o.o.o.o o.o.o.o 10 . 10 .10.33 


Router R3 is configured in nearly the same way as R2, but it uses 
DLCI 201 © and an IP address © from the second subnet. Also, you need 
to set the default gateway using the IP address configured under interface 
DLCI 200 of router R1 © (IP address 10.10.10.33). 

That’s it! All three routers should now be able to ping each other. 

In a nutshell, each router encapsulates data frames and identifies them 
with a Frame Relay DLCI number as they leave their serial interfaces. When 
the Frame Relay switch receives data from a router, the data frames are for¬ 
warded to other routers through the switch based on the DLCI to serial 
port mapping. Because R1 is configured as a Frame Relay hub and knows 
about both subnets, it can forward data between the two subnets using 
the two PVCs. In this example, one PVC is made up of DLCI 100 mapped 
to DLCI 101, and the other is made up of DLCI 200 mapped to DLCI 201. 

To verify that your Frame Relay circuit is active, enter the command 
show frame-relay pvc on each of your routers. 


Rl# show frame-relay pvc 

PVC Statistics for interface Serialo/o (Frame Relay DTE) 



Active 

Inactive 

Deleted 

Static 

Local 

02 

0 

0 

0 

Switched 

0 

0 

0 

0 

Unused 

0 

0 

0 

0 


If you’ve set everything up correctly, your PVCs should be displayed 
under Active ©. 
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Creating a Frame Relay Switch Using IOS 

As handy as the Frame Relay switch node is, sometimes you might need to 
create your own Frame Relay switch using an IOS router. Maybe you want 
to use a different LMI type (like Cisco or q933a), or perhaps your studies 
require knowing the details of an actual Cisco Frame Relay switch. In any 
case, an IOS switch is fairly easy to set up. 

The following listing creates an IOS Frame Relay switch using DLCI 
mappings identical to the GNS3 Frame Relay switch node you configured 
earlier. It may look intimidating at first glance, but it’s not; you just need to 
understand how Frame Relay connect commands are used to configure the 
DLCI to serial port mappings. 

© FRSW(config)# frame-relay switching 
FRSW(config)# interface Serialo/o 

FRSW(config-if)# description Serial connection to Router Rl (Hub) 
FRSW(config-if)# no shutdown 
FRSW(config-if)# no ip address 
© FRSW(config-if)# encapsulation frame-relay 
© FRSW(config-if)# clock rate 64000 
0 FRSW(config-if)# frame-relay lmi-type ansi 
© FRSW(config-if)# frame-relay intf-type dee 
FRSW(config-if)# interface SerialO/l 

FRSW(config-if)# description Serial connection to Router R2 (Spoke) 

FRSW(config-if)# no shutdown 

FRSW(config-if)# no ip address 

FRSW(config-if)# encapsulation frame-relay 

FRSW(config-if)# clock rate 64000 

FRSW(config-if)# frame-relay lmi-type ansi 

FRSW(config-if)# frame-relay intf-type dee 

FRSW(config-if)# interface SerialO/2 

FRSW(config-if)# description Serial connection to Router R3 (Spoke) 

FRSW(config-if)# no shutdown 

FRSW(config-if)# no ip address 

FRSW(config-if)# encapsulation frame-relay 

FRSW(config-if)# clock rate 64000 

FRSW(config-if)# frame-relay lmi-type ansi 

FRSW(config-if)# frame-relay intf-type dee 

FRSW(config-if)# exit 

© FRSW(config)# connect PVCl Serialo/o 100 Serialo/l 101 
© FRSW(config)# connect PVC2 Serialo/o 200 Serial0/2 201 

When configuring a Frame Relay switch, you must first enable Frame 
Relay switching with the frame-relay switching command O. You’ll also 
configure Frame Relay encapsulation on each serial interface with the 
encapsulation frame-relay command ©. Then, use the clock rate command © 
to set up clocking, choose an LMI type with frame-relay lmi-type 0 , and set 
the interface type to DCE using the frame-relay intf-type dee command ©. 
After bringing up the interfaces, you’re ready to define your PVCs. 

Egml On some IOS versions, the clock rate command may need to be entered as clockrate. 
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DLCI to port mapping is configured using connect connection-name 
interface dlci interface dlci commands. The last two commands in this 
configuration define a connection mapping between two Frame Relay 
PVCs. The command connect PVCl Serialo/o 100 SerialO/l 101 © defines 
a PVC between routers R1 and R2 and is used for creating our first subnet. 
The source interface is Serial0/0 and the source DCLI is 100. The PVC is 
completed using interface Serial0/1, and DLCI 101 configured on router R2 
The command connect PVC 2 Serial0/0 200 Serial0/2 201 © uses the same 
syntax to create a second PVC between routers R1 and R3 (used for the 
second subnet). 

That’s all there is to creating your own Frame Relay switch. When con¬ 
figuring a Frame Relay switch with Cisco IOS, the LMI type can be set to 
cisco, ansi, or q933a, but you must be consistent on all routers participating 
in the Frame Relay network. 


ATM Switch 

GNS3 provides an easy way to configure an Asynchronous Transfer Mode (ATM) 
switch. ATM is similar to Frame Relay in that it’s a layer 2 protocol that maps 
physical ports to logical circuits. 

To configure a VPI/VCI to port mapping, right-click the ATM switch 
icon and select Configure, as shown in Figure 7-6. Here, I’ve configured a 
simple virtual circuit using two ports on the ATM1 switch node. 


ATMl 



Reset Apply Cancel OK 


Figure 7-6: Node configurator 


102 


Chapter 7 





Use the Source and Destination fields to create your port mapping, and 
then click Add. When you’re finished with all the port mapping, click Apply 
and OK to complete the configuration. 

Now let’s run through a quick example of creating a simple point-to- 
point WAN connection using an ATM switch. Start by creating the topology 
shown in Figure 7-7. 


R1 R2 



Figure 7-7: Sample ATM network 


Add an ATM switch to your workspace and configure it using the infor¬ 
mation from Figure 7-6. Next, add two routers and create a link between 
each router and the switch. You need to use 7200 series routers that are each 
configured with an ATM port adapter (PA-A1) in slot 1. Create a link from 
al/0 on each router to the ATM switch, as shown in Figure 7-7, and then 
enter the following commands to configure ATM on router Rl. 


Rl(config)# interface ATMl/O 
Rl(config)# no shutdown 

Rl(config)# interface ATMl/0.100 point-to-point 
Rl(config-subif)# ip address 10.10.10.1 255.255.255.252 

Rl(config-subif)# pvc 25/100 

Rl(config-if-atm-vc)# protocol ip 10.10.10.2 broadcast 
Rl(config-if-atm-vc)# encapsulation aalssnap 


Next, apply a similar configuration to router R2. 


R2(config)# interface ATMl/0 
R2(config)# no shutdown 

R2(config)# interface ATMl/0.200 point-to-point 
R2(config-subif)# ip address 10.10.10.2 255.255.255.252 

R2(config-subif)# pvc 25/200 

R2(config-if-atm-vc)# protocol ip 10.10.10.1 broadcast 
R2(config-if-atm-vc)# encapsulation aalssnap 


To verify that your ATM circuit is up, enter the show atm pvc command. 


Rl# show atm pvc 


If the PVC status displays UP, then the two routers should now be able to 
ping each other. 
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Cloud Nodes 


The Cloud node is a highly configurable device node that doesn’t simulate 
a particular piece of hardware. Instead, it provides a wide range of Network 
Input/Output (NIO) connection options that allow GNS3 virtual devices 
to communicate with other programs or real hardware, like your PC’s 
Ethernet adapter. 

You connect to a Cloud node by creating a standard link from a GNS3 
device (like a router) to the Cloud. Once this is done, any data leaving a 
virtual interface passes through the Cloud node’s NIO connection to a 
destination outside GNS3, like a physical Ethernet adapter. Keep in mind 
that throughput limitations presented in GNS3 also apply to the virtual 
interface connected to the Cloud mode, meaning those limitations will 
affect your overall performance. 

To configure an NIO connection (shown in Figure 7-8), right-click the 
Cloud icon and select Configure. 



▼ Cloud group 

Cloud 1 configuration 




NIO Ethernet NIO UDP NIO TAP NIO UNIX NIOVDE NIO NULL MiSC. 

Generic Ethernet NIO (Administrator or root access required) 

lo _ ;j 

lo Add Delete 




Linux Ethernet NIO (Linux only, root access required) 


Jo_ Zj 


lo Add Delete 





Reset 

Apply j Cancel L 


Figure 7-8: Cloud Node configurator 


The Node configurator provides six connection options: 

NIO Ethernet Creates a connection to one or more physical or logical 
interfaces in your PC. The NIO Ethernet configuration lets you set up 
both a generic NIO and a Linux-only NIO. 

NIO UDP Creates a UDP socket in order to form a link between 
GNS3 and other programs. 
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NIO TAP Creates a connection to a virtual TAP interface. TAP inter¬ 
faces are often bridged to physical interfaces in your PC. 

NIO UNIX Creates a UNIX Socket connection between GNS3 and 
some other application. 

NIO VDE Creates a link between GNS3 and a Virtual Distributed 
Ethernet device. 

NIO NULL Creates a link between GNS3 and a NULL device to form 
a dummy link. 

Misc. Allows you to rename a Cloud node. 

To configure a connection, select the NIO connection type, choose the 
options you want, and select Add. You can configure more than one con¬ 
nection per Cloud node, allowing you to link multiple GNS3 devices, just as 
you can use multiple interfaces on a GNS3 switch or router. 

On Linux systems, you may want to use a generic NIO connection, which 
may work more reliably than a Linux-specific NIO. One reason is that the 
Linux-specific NIO may strip incoming VLAN tags. If you’re having difficulty 
with a connection on Linux, try both to see which works better. 


Connecting GNS3 Devices to Physical Hardware 

The ability to connect projects to physical hardware is what transforms 
GNS3 from a diamond in the rough to the Great Star of Africa. Using the 
Cloud node, you can establish trunk links with live Cisco switches and even 
access the Internet from your GNS3 devices. This gives GNS3 nearly limitless 
networking possibilities. Connecting GNS3 to real devices is easier on some 
systems than others, but it should work on all major operating systems. 

Dynamips Permissions 

Before connecting GNS3 devices to a physical Ethernet adapter, you may 
need to make a few changes on your PC. If your Cloud node is configured 
using NIO Ethernet on a Windows system, you should run GNS3 using 
administrator privileges by right-clicking the GNS3 icon and selecting Run 
as Administrator. To make this option permanent, right-click the GNS3 icon 
and choose Properties. Select the Compatibility tab and place a check next 
to Run this program as an administrator. 

On Unix-based systems, you need to elevate the permissions of Dynamips 
before using NIO Ethernet or NIO TAP connections. If you skip this step, 
you'll have to run GNS3 using the root account. Otherwise, NIO connec¬ 
tions will fail and GNS3 will display an error message in the GNS3 Console 
window. 

To set the correct Dynamips permissions on OS X, use the following 
commands: 


$ sudo chown root /Applications/GNS3.app/Contents/Resources/dynamips* 
$ sudo chmod 4755 /Applications/GNS3.app/Contents/Resources/dynamips* 
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Setting permissions on most Linux distributions works the same way; 
just replace the file path with the correct location for your dynamips file, as 
shown in the following code. If you’re running a Debian-based Linux sys¬ 
tem like Ubuntu, use the setcap command instead because it’s more secure. 


$ sudo apt-get install libcap2 

$ sudo setcap cap_net_raw,cap_net_admin+eip /usr/local/bin/dynamips* 


After changing the Dynamips permissions, you can run GNS3 as a 
regular user, but Dynamips will be treated as though it’s being run by the 
root account. 

Preparing Your PC for a Bridge 

Some operating systems don’t allow GNS3 to communicate directly with 
your PC’s Ethernet hardware, and Wi-Fi adapters usually don’t work, either. 
Before using GNS3 with an Ethernet adapter on those systems, you might 
need to install additional software to make it work. 

A common solution is to install a virtual interface driver and use a bridge 
to associate it with your PC’s physical Ethernet adapter. GNS3 then passes 
network data to the virtual interface, which hands it off to the physical Ether¬ 
net interface via the bridge. On Unix-based systems, virtual interfaces are 
often provided using TUN/TAP drivers. On Windows, you’ll use a loopback 
adapter that’s bridged to your physical Ethernet adapter. 

Even if your PC’s Ethernet hardware works directly with GNS3, the fol¬ 
lowing methods are recommended and predictable ways to connect GNS3 
to the outside world. 

Using a Loopback Adapter on Windows 

In Windows, a loopback adapter driver provides a virtual network interface that 
can be bridged to a physical Ethernet adapter in your PC. To add a loopback 
adapter to Windows, go to Control Panel ► Device Manager. Right-click your 
computer name from the list, and select Add legacy hardware. Click Next, 
select Install the hardware that I manually select from a list (Advanced), 
and click Next again. Choose Network Adapters from the list and click Next. 
From the Add Hardware wizard, shown in Figure 7-9, select Microsoft under 
Manufacturer, and then scroll down and select the Network Adapter named 
Microsoft Loopback Adapter. Click Next and Finish to complete the instal¬ 
lation. You must reboot Windows after installing the Microsoft Loopback 
Adapter. 

The Microsoft loopback adapter can also be installed by running the 
loopback-manager.cmd command from your GNS3 installation directory. 

To create a bridge between the loopback adapter and Ethernet adapter, 
go to Control Panel ► Network and Sharing Center and choose Change 
Adapter Settings. Select the two adapters and right-click to bring up the 
menu shown in Figure 7-10. Select Bridge connections to create the bridge 
interface between the two adapters. When you’re finished, restart Windows 
to allow the changes to take effect. 
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Add Hardware 


Select Network Adapter 

Which network adapter do you want to install 7 


®“ a Click the Network Adapter that matches your hardware, then click OK. If you have an 
installation disk for this feature, click Have Disk. 


Manufacturer 

Network Adapter 

Intel 

j dfl]Microsoft ISATAP Adapter 

Intel Corporation 


Microsoft 

CftJ Microsoft Teredo Tunneling Adapter = i 

Oracle Corporation 

-^Microsoft Virtual Machine Bus Network Adapter 


rjjl This driver is digitally signed. Have Disk... 

Tell me why driver signing is important 


< Back Nad > | Cancel j 


Figure 7-9: Selecting the Microsoft Loopback Adapter 




^ £• « Net... ► Netw... ► ▼ | | J Search Network Connections y 


Organize ▼ 

ip - ti © 

” Local Area Connection 

Network 

Intel(R) PRO/IOOO MT Desktop Ad... 

Local Area Connection 2 

Unidentified network 
<$@2 Microsoft Loopback Adapter 


Disable 

Status 

Diagnose 



Bridge Connections 



Create Shortcut 

Delete 

Rename 

Properties 





Figure 7-10: Creating a bridge using a Microsoft Loopback Adapter and an 
Ethernet adapter 

To allow GNS3 to use your physical Ethernet adapter on a Windows 
system, you’ll need to configure a Cloud node with the loopback adapter 
(see “Connecting GNS3 Devices to Physical Hardware” on page 105). It’s 
a good idea to rename your loopback adapter, so it can be clearly identi¬ 
fied within GNS3. In this example, I recommend changing Local Area 
Connection 2 to Loopback. 
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TUN/TAP Drivers on OS X 

If you’re using OS X, you need to install a virtual interface driver before 
GNS3 can access a physical Ethernet Interface. To install TUN/TAP drivers 
on OS X, download the driver software for your version of OS X from 
SourceForge {http://tuntaposx.sourceforge.net/), run the installer, and follow 
the instructions. 

The drivers should be installed under /Library/Extensions and should 
load automatically when you restart your system. To manually load the 
driver, change to the /Library/Extensions directory and enter the following: 


$ sudo kextload tap.kext 


Before launching GNS3, enter the following command to set permis¬ 
sions on your TAP interfaces. You’ll have to enter the command each time 
you reboot your Mac. 


$ sudo chown $(id -un):$(id -gn) /dev/tap* 


To activate a TAP interface and bridge it to a physical Ethernet port in 
your PC, you must enter the following commands after you add a Cloud and 
attach a router to the nio_tap interface, configured using /dev/tapO. If you 
enter the commands beforehand, they will fail and your bridge won’t work. 
You will have to enter these commands every time you load a project that 
includes a cloud node. 


$ sudo ifconfig bridgeo create 
$ sudo ifconfig bridgeo addm eno 
$ sudo ifconfig bridgeo addm tapo up 


After entering the commands from a terminal, OS X should bridge the 
tapO interface to the physical Ethernet interface in your Mac, which is enO 
in this example. You should use the ifconfig command to verify the name 
of your Mac’s Ethernet interface and then replace enO with that name. 


NOTE 


If you change the maximum transmission unit (MTU) size of an interface, you may 
see the error “ifconfig: BRDGADD tapO: Invalid argument” when you go to create the 
bridge. In this case, you need to make sure that the MTU size of your physical interface 
matches the MTU size of the TAP interface. 


I recommend adding an annotation to your project that includes these 
commands as a reminder to create the bridge when you open a project. 
Then, after opening the project you can copy the annotation and paste it 
into a terminal window to save time. Don’t forget to enter those commands 
every time you open a project that bridges Ethernet to a TAP interface, or it 
won’t work. 
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TUN/TAP Drivers on Ubuntu Linux 

On Linux, you should be able to connect a Cloud node directly to your 
Ethernet interface using the NIO Ethernet tab under the Cloud configurator, 
but if you find that you need TUN/TAP drivers for Ubuntu, update your 
package manager and enter the following command to install the package. 


$ sudo apt-get install uml-utilities 


If you’re running some other version of Linux, you may have to install 
a different package, but this package should work on most Debian-based 
distributions. 


Connecting to Live Switches 

GNS3 is great software, but it has some limitations. For example, the 
NM-16ESW switch module doesn’t include all the advanced features of an 
actual layer 2 or layer 3 switch. If you want to work with advanced switching, 
you have to use additional software like Cisco IOU or use physical Cisco 
switches. If you’re creating CCNA labs, then one live Cisco switch might 
be enough, but if you’re creating CCNP or CCIE labs, you’ll probably use 
multiple live switches. Often the goal is to have a GNS3 router connected to 
each external switch. This is tricky because most PCs have only one Ethernet 
adapter. Fortunately, GNS3 and IOS have this sorted out. Your options are to 
trunk VLANs to the switch over a single Ethernet adapter in your PC or to 
install multiple Ethernet adapters in your PC. 

In this section, I’ll cover two ways to connect GNS3 devices to live Cisco 
switches. 

Standard 802.IQ Trunk This method uses a standard 802.IQ, trunk 
to allow GNS3 devices to communicate with a live Cisco switch via your 
PC’s Ethernet adapter. 

Breakout Switch This method uses a specially configured Ethernet 
switch called a breakout switch to allow GNS3 devices to connect to 
multiple live switches using only a single Ethernet adapter in your PC. 
To create a breakout switch, you must have a second physical Ethernet 
switch on hand to use as the breakout switch. 

The option you choose depends on how many switches you own, your 
PC’s operating system, and what Ethernet adapters are already installed in 
your PC. Let’s start by looking at how an 802.IQ, trunk works to reach a 
Cisco switch. 

Configuring a Standard 802.1Q Trunk 

In my opinion, an 802.IQ, trunk is the best way to attach live switches to 
your GNS3 projects. The advantages of a standard 802.IQ, trunk are that 
it is easy to set up and works the same as connecting a switch to a physical 
network. The disadvantage is that your PC operating system or your PC’s 


Device Nodes, Live Switches, and the Internet 109 



Ethernet drivers might not support it. Often they strip the 802.IQ tags 
from packets coming from the switch into your PC. Without the proper 
tags, GNS3 has no way of knowing which VLANs your packets belong to 
and in turn doesn’t know where to forward the packets, which breaks your 
network. 

If you poke around the Internet, you’ll find all sorts of creative solutions 
that people have come up with to circumvent this problem, but they are 
generally platform-specific and vary from machine to machine. 

Krai One way to prevent tag stripping on OS X and Linux is to use a USB Ethernet 
adapter that supports 802.IQ tagging and jumbo frames. One such adapter that 
works well is the StartTech USB31000SW adapter, but any adapter that uses the 
ASIX AX88772A chipset should work. 

In this example, you’ll place either an EtherSwitch router or Ether¬ 
net switch node in your workspace and configure it with the 802.IQ 
trunking protocol. Next, you’ll add a Cloud node to your workspace and 
configure it using an NIO interface, and link it to the GNS3 switch. The 
Cloud node can either be directly connected, or bridged, to your PC’s 
Ethernet adapter (depending on your OS). You’ll then plug an Ethernet 
cable from your PC’s Ethernet adapter into a port on the live Cisco switch. 
The switch port you choose also needs to be configured with 802.IQ trunk¬ 
ing. After both the GNS3 switch and physical switch have been configured, 
you should be able to route GNS3-generated VLAN packets through the 
trunk to the live switch. 

In this section, we’ll create a simple project that connects our GNS3 
network to a live c3550 switch using two VLANs (10 and 20). Begin by creat¬ 
ing the topology shown in Figure 7-11. When configuring the Cloud node, 
choose your PC’s Ethernet adapter name, found under the NIO Ethernet tab. 


R2 



Figure 7-11: Sample topology using a standard dotlq trunk to live switch 


To configure VLANs and an 802.IQ trunk using the EtherSwitch router, 
open a console on ESW1 and enter the following commands: 

ESWl# vlan database 
O ESWl(vlan)# vlan 10 
© ESWl(vlan)# vlan 20 
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ESWl(vlan)# apply 
ESWl(vlan)# exit 
ESWl# configure terminal 
ESWl(config)# int fl/15 
© ESWl(config-if)# switchport 
0 ESWl(config-if)# switchport 
ESWl(config-if)# int fl/0 
ESWl(config-if)# switchport 
© ESWl(config-if)# switchport 
ESWl(config-if)# int fl/l 
ESWl(config-if)# switchport 
© ESWl(config-if)# switchport 


mode trunk 

trunk encapsulation dotlq 

mode access 
access vlan 10 

mode access 
access vlan 20 


The previous commands create VLAN 10 O and 20 © on the switch, 
configure a trunk port © using the dotlq protocol 0, and assign access 
ports to VLAN 10 © (for router R2) and VLAN 20 © (for router R3). 

If instead you choose to use an Ethernet switch node, configure one 
port as an 802.IQ trunk and the others as VLAN access ports, as shown 
in Figure 7-12. 


swi 



Node configurator 


^chg^ swi configuration 


General 

Ports 



Name: SWI 

Port 

- VLAN 

Type 


1 

10 O 

access 

Settings 

2 

20 © 

access 

Port: 1 4 ; 

3 

1 © 

dotlq 


VLAN: 1 
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Add Delete 
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Figure 7-12: Ethernet switch node configured with a dotlq trunk port 


Ports 1 and 2 are configured as access ports using VLAN 10 O and 20 ©, 
and port 3 is the dotlq trunk port © that’s connected to the Cloud node. 

Next, log on to your live Cisco switch and create the same VLANs. 
Then, configure the 802.IQ trunk port and cable it to your PC’s Ethernet 
adapter. The following listing is an example of how to configure a c3550 
switch, using commands you’ve seen throughout the chapter. 
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c3550# configure-terminal 
c3550(config)# ip routing 
c3550(config)# interface vlan 10 
c3550(config-vlan)# ip address 10.1.1.1 
c3550(config-vlan)# interface vlan 20 
c3550(config-vlan)# ip address 20.1.1.1 
c3550(config-vlan)# exit 
c3550(config)# Interface fo/l 

c3550(config-if)# switchport trunk encapsulation dotlq 
c3550(config-if)# switch port mode trunk 
c3550(config-if)# switchport trunk allowed vlan all 
c3550(config-if)# speed 100 
c3550(config-if)# duplex full 


To complete the project, configure routers R2 and R3. Log on to 
router R2 and configure an IP address and default gateway for VLAN 10. 


R2(config)# interface fo/o 
R2(config-if)# description Using VLAN 10 
R2(config-if)# ip address 10.1.1.2 255.255.255.0 

R2(config-if)# no shutdown 
R2(config-if)# exit 

R2(config)# ip route o.o.o.o 0.0.o.o 10 . 1 . 1.1 


Now, log on to router R3 and configure an IP address and default gate¬ 
way for VLAN 20. 


R 3 (config)# interface fo/o 
R3(config-if)# description Using VLAN 20 
R3(config-if)# ip address 20.1.1.2 255.255.255.0 

R3(config-if)# no shutdown 
R3(config-if)# exit 

R3(config)# ip route o.o.o.o 0.0.o.o 20 . 1 . 1.1 


Test VLAN routing through the switch by entering a ping command 
from one VLAN to another. 


R3# ping 10 . 1 . 1.2 
11 m i 


When you’re finished with the project, you can further verify the con¬ 
figuration using tools like CDP or Wireshark. 

Creating the Elusive Breakout Switch 

A breakout switch is another way to connect real switches to GNS3 projects, 
and it’s common to set one up using Ubuntu Linux. Although a break¬ 
out switch does work on other systems, it’s easiest to set up on Linux. As 
mentioned earlier, other operating systems like Windows and OS X might 
remove VLAN information from the packets. For this reason, it’s best to 
install Ubuntu on real hardware if you plan to create a breakout switch. 
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If you use a virtual machine, your underlying host OS may strip the VLAN 
tags, and the breakout switch won’t work. You can sometimes get around 
this by using a USB Ethernet adapter, like the StartTech USB31000SW 
mentioned in “Configuring a Standard 802.IQ Trunk” on page 109. 

This switching method requires a minimum of two real Cisco switches; 
one is the breakout switch, and the other is one or more live Cisco switches 
that are used in your GNS3 project. The breakout switch is used to fool the 
live Cisco switches into thinking that each of your GNS3 routers is directly 
connected to a live switch with an Ethernet cable. In reality, only one Ethernet 
adapter is used in your PC to connect all your GNS3 routers to the live 
switches, and that adapter is connected to the breakout switch. The break¬ 
out switch is then configured to break out all the VLANs into individual inter¬ 
faces that you plug into other live Cisco switches using Ethernet cables (one 
per VLAN). I call these breakout cables. Figure 7-13 shows the physical layout 
of your PC and switches. 


SW1 

SW2 


Figure 7-13: Physical layout using a breakout switch and live Cisco switches 

Here’s the flyby view of how it works. Breakout VLANs are configured 
on your Linux Ethernet adapter using the vlan package, and an 802.IQ 
trunk is configured on the breakout switch. In GNS3, you’ll add one or 
more Cloud nodes that are configured with the Linux breakout VLANs 
using NIO Ethernet interfaces. In your GNS3 project, a router is connected 
to each of the Cloud node’s VLAN interfaces (one router per interface). 
Packets leaving the routers go into the Cloud node, where Linux tags them 
with a VLAN ID and passes them to the breakout switch using your PC’s 
Ethernet adapter. The breakout switch receives the packets on a standard 
802.IQ trunk port. From there, the breakout switch uses the VLAN IDs 
to identify and transparently pass the packets to one (or more) live Cisco 
switches. What makes this so ingenious is that each GNS3 router has a sepa¬ 
rate Ethernet cable that is connected to a port on the live Cisco switch, even 
though your PC has only a single Ethernet adapter. 

Breakout switches are fairly straightforward to set up on Linux. Start 
by updating your package manager and installing VLAN support on your 
Ubuntu system. 

$ sudo apt-get install vlan 

Now, enable the 802lq Linux module using the modprobe command. 
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$ sudo modprobe 802lq 


Next, increase the MTU frame size on the Ethernet interface, and 
create your breakout VLANs using the vconfig command. Be sure to sub¬ 
stitute etho with the name of your interface. 

O $ sudo ifconfig etho mtu 1546 
© $ sudo vconfig add etho 10 
© $ sudo vconfig add etho 20 

ETT1IT31 Your Ethernet adapter must support frame sizes above the standard maximum of 

1500 bytes. 

The increased frame size O makes room for the additional VLAN tags. 
Create one breakout VLAN for each router in your project. In the previous 
listing, I created two breakout VLANs (10 © and 20 ©) on my Linux PC’s 
etho interface. 

02533 1 Don’t confuse breakout VLANs with VLANs you create in your GNS3 projects. It’s 
important to understand that breakout VLANs should be used only by Linux and the 
breakout switch—they are not to be used in your GNS3 project or live Cisco switches. 

Start configuring the breakout switch by increasing the system-wide 
MTU size. After the command is entered, you must reload the switch for 
the change to take effect. 

Breakout(config)# system mtu 1546 

After the switch reboots, log on and configure an 802.IQ trunk link 
as follows: 

Breakout# configure terminal 
Breakout(config)# interface FastEthernet 0/1 
© Breakout(config-if)# switchport trunk encapsulation dotlq 
© Breakout(config-if)# switchport mode trunk 
© Breakout(config-if)# switchport trunk allowed vlan all 

The interface you configure as the trunk is then connected to your PC’s 
physical Ethernet adapter using an Ethernet cable. As shown here, dotlq 
encapsulation © is configured on the trunk port ©, and all VLANs © are 
allowed through the trunk. 

Next, go under each interface that you plan to connect to a live switch, 
and configure a breakout VLAN and a dotlq tunnel for each VLAN, as 
shown in the following listing: 

Breakout(config)# vlan 10 
Breakout(config-vlan)# vlan 20 
Breakout(config-vlan)# exit 
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Breakout(config)# interface FastEthernet 0/2 

Breakout(config-if)# description CNS3 Rl Physical Uplink to Live Switch SWl 
Breakout(config-if)# switchport access vlan 10 
Breakout(config-if)# switchport mode dotlq-tunnel 
Breakout(config-if)# l2protocol-tunnel cdp 
Breakout(config-if)# interface FastEthernet 0/3 

Breakout(config-if)# description GNS3 R2 Physical Uplink to Live Switch SW2 
Breakout(config-if)# switchport access vlan 20 
Breakout(config-if)# switchport mode dotlq-tunnel 
Breakout(config-if)# l2protocol-tunnel cdp 


Here, our breakout switch’s FastEthernet 0/2 interface is configured for 
VLAN 10 O, dotlq tunneling ©, and Cisco discovery protocol tunneling ©. 
FastEthernet 0/3 is configured the same way, but for VLAN 20 0. These are 
the interfaces used to connect GNS3 routers to your live Cisco switches. 

We already know that Cisco Discovery Protocol (CDP) is used to share 
and gather information with directly connected Cisco equipment, often 
called neighbors. However, our live Cisco switch is not directly connected to 
GNS3; instead, it’s connected to the breakout switch. In this instance, the 
only way to use CDP is by tunneling the protocol through the breakout 
switch to a live Cisco switch with the l2protocol-tunnel cdp command. (You 
can also tunnel STP and VTP.) This is where things get tricky because CDP 
tunneling does not work on all switches. If you need to use CDP, be sure to 
choose a breakout switch that fully supports CDP tunneling. Table 7-1 lists a 
few common Cisco switches and their CDP tunneling capabilities. 


Table 7-1: Common Cisco Switches and Their CDP Tunneling Compatibility 


Switch CDP tunneling compatibility 


Cisco 2950 
Cisco 3550 
Cisco 3560 
Cisco 3750 
Cisco 4948 


CDP will not work in either direction. Layer 2 tunneling is not sup¬ 
ported on this switch. 

CDP works only in one direction. Neighbors cannot be seen on the 
switches regardless of the IOS version. 

CDP works only in one direction. Neighbors cannot be seen on the 
switches regardless of the IOS version. 

Bidirectional CDP and fully functional (layer 2 and layer 3) using 
IP Services image. IP Base image does not support tunneling. 

Bidirectional CDP and fully functional (layer 2 and layer 3) using a 
minimum IP Services image. 


The Cisco 3750 switch works well, both as a breakout switch and for 
tunneling CDP, but it’s not the cheapest switch available. If you don’t have 
the cash to spring for this model, you can choose a cheaper model that 
should work as a breakout switch, but you won’t have complete transpar¬ 
ency in your GNS3 project. 

Before continuing, be sure that Fa0/1 on the breakout switch is con¬ 
nected to your PC’s Ethernet port, and that FaO/2 and FaO/3 are connected 
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to Ethernet ports on your live project switches. After checking those con¬ 
nections, start GNS3 and configure a Cloud node using the Linux VLANs 
you created previously, as shown in Figure 7-14. 

Cloud 1 


Kfo Node configurator 



Figure 7-14: Configuring a Cloud node using Linux VLANs 

|S|S3j Even though you’re using Linux, it’s important to use the Generic Ethernet NIO and 
not the Linux Ethernet NIO. Otherwise, VLAN tagging may not work. 

When you’re finished adding break¬ 
out VLANs to the Cloud node, add a 
couple of routers to your workspace 
and create a link from each router to a 
breakout VLAN on the Cloud node. In 
Figure 7-15, router R1 (F0/0) is linked 
to VLAN 10 in the Cloud using nio_ 
gen_eth:ethO. 10, and R2 (F0/0) is linked 
to VLAN 20 using nio_gen_eth:eth0.20. 

Because the breakout switch is only 
used to split VLANs into multiple physi¬ 
cal ports, it requires no further con¬ 
figuration. In this example, router R1 
is now linked to any live switch plugged 
into breakout switchport fO/2, and R2 
should be linked to any live switch 
plugged into port fO/3. 
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NOTE 


If you create large projects using many VLANs, you may want to assign only one 
Linux VLAN interface per Cloud node to help clarify the layout in your workspace. 


Your GNS3 routers should now be able to communicate with one or 
more real Cisco switches. 


Optional Breakout Switch Configuration 

If you’re running Windows or OS X, you may be able to use a GNS3 Switch 
node to link your project to a breakout switch, as shown in Figure 7-16. In 
this setup, the breakout switch is configured in the same way as previously, 
but you’ll need to make some tweaks to your PC. The Ethernet switch node 
connects to a Cloud node using an NIO interface configured with a loop- 
back adapter on Windows or a TAP interface on OS X. The virtual adapter 
is bridged to your PC’s physical Ethernet adapter. This allows Cloud 1 to 
connect to the breakout switch using your PC’s Ethernet adapter. 



Figure 7-16: Breakout switch configuration using an Ethernet switch node 


For the breakout switch to work, you should increase the MTU size 
on your PC’s physical Ethernet adapter, but not all adapters support this 
feature. 

If you’re a OS X user, the MTU size must be increased on both your 
physical adapter and virtual adapter. To increase the MTU size from the 
command line, use the following example: 


$ sudo ifconfig eno mtu 1546 
$ sudo ifconfig tapo mtu 1546 


NOTE 


On OS X, configure the virtual and physical adapter using the same MTU size, or 
the bridge creation will fail. 


You may have to check your Ethernet adapter documentation to config¬ 
ure your adapter on Windows. On many adapters, however, the MTU setting 
can be found under the Advanced properties of the adapter, as shown in 
Figure 7-17. In this example the Dumbo Packet value is set to 9014 bytes on an 
Intel PRO/1000 MT card. 
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Intel(R) PRO/IOOO MT Desktop Adapter Properties 

General /^vanced Driver | Del ads j Power Management 

The Mowing properties are available for this network adapter Clck 
the property you want to change on the left, and then select its value 
on the right 

Property: Value: 

[901 4 Byte s (Alteon) - 


OK ] | Cancel 



Figure 7-17: Setting the Jumbo Packet size on Windows 

Next, bring up the Node configurator for the Ethernet switch node to 
define VLANs and the dotlq trunk port, as shown in Figure 7-18. 
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Figure 7-18: Ethernet switch node configured for breakout switch 


In this example, R1 is connected to access Port 1 (VLAN 10), R2 is 
connected to access Port 2 (VLAN 20), and Port 3 is the dotlq trunk to the 
breakout switch. After everything is configured in GNS3, you can log on 
and configure the breakout switch with VLANs and dotlq tunneling as 
previously described. 
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NOTE 


Using Multiple Adapters in Your PC 

Instead of using an 802.IQ trunk or a breakout switch, you could use one 
physical Ethernet interface for each router in GNS3. If you have a laptop, 
you could use a USB hub and connect multiple USB Ethernet adapters to 
your PC; with a desktop, you could use the USB hub method or purchase a 
multiport Ethernet card. Figure 7-19 shows the physical layout of the design. 


GNS3 PC 

(multiple Ethernet adapters) 


Project 

switches 



SW1 

SW2 


Figure 7-19: Physical layout using multiple adapters in a PC 


Connect each Ethernet adapter in your PC to a physical port on a live 
Cisco switch. Log on to each switch and configure an access port using the 
switchport mode access command. Then, assign a unique VLAN number to 
the port by entering switchport access vlan {vlan number}, as in the following 
listings. 

Start with the first switch (c3550_swl): 


c3550_swl(config)# interface fo/l 

c3550_swl(config-if)# description VLAN used for PC Ethernet Adapter 1 
c3550_swl(config-if)# switchport mode access 
c3550_swl(config-if)# switchport access vlan 10 


Next, configure switch two (c3550_sw2): 


c3550_sw2(config)# interface fo/l 

c3550_sw2(config-if)# description VLAN used for PC Ethernet Adapter 2 
c3550_sw2(config-if)# switchport mode access 
c3550_sw2(config-if)# switchport access vlan 20 


To connect GNS3 devices to the switches, add a Cloud node to your 
workspace and assign one NIO Ethernet interface for each Ethernet adapter 
in your PC. Connect your GNS3 routers to each NIO interface using one 
router per interface. 

OS X users will have to create a unique bridge interface for each adapter and bridge 
each Ethernet interface to a unique TAP interface. OS X supports tip to 16 TAP 
devices (tapO through tapl5). 

After all the devices in your project have been configured, your GNS3 
devices should be able to communicate with the live Cisco switches. Further 
configuration is required on the switches to enable routing between GNS3 
routers and is determined by the switch block design you create. 

Now let’s take a look at connecting GNS3 to the Internet. 
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Connecting GNS3 Devices to the Internet 

To connect GNS3 devices to the Internet, you need to use an Ethernet 
adapter in your PC. Wireless network adapters are not supported if you 
use them directly, though one may work if bridged to a loopback adapter 
or TAP interface (but don’t count on it). Make the GNS3 to Ethernet con¬ 
nection the same way that you connect to a physical switch: add a Cloud 
node to your project and configure it with either an NIO TAP or NIO 
Ethernet interface. 

Configuring Windows 

On Windows systems, create a bridge using a loopback adapter and your 
PC’s physical Ethernet adapter. Then, in GNS3, use a Cloud node config¬ 
ured using NIO Ethernet and select the loopback adapter. Because the 
loopback adapter is bridged to the physical Ethernet adapter, you can use 
the Cloud to connect to networks outside GNS3—including the Internet. 

On Windows 8.x, install a loopback adapter, but do not add it to a bridge. 
Instead, configure Internet Connection Sharing (ICS) on your physical 
interface (Ethernet or Wi-Fi). To do so, right-click the Start button and 
select Network Connections. Next, right-click your physical Interface 
and select Properties. Select the Sharing tab, and check the Allow other 
network users to connect through this computer’s Internet connection 
option. Lastly, select your loopback adapter from the Home Networking 
Connection drop-down menu, and click OK. 

Configuring Unix-Based Systems 

On Ubuntu Linux, create an NIO Ethernet connection using your PC’s 
Ethernet interface. On OS X and some Linux systems, use an NIO TAP 
connection configured with /dev/tapO and bridge the TAP interface 
to your PC’s Ethernet interface. 

Creating a Simple Network 

Create a project by adding a router and a Cloud node to your workspace 
and adding a link from the router to the Cloud. In Figure 7-20, the Cloud 
is configured using the Windows loopback adapter, named Local Area 
Connection 2. 


Cloud 1 


Figure 7-20: Connecting to a Cloud using a Windows 
loopback adapter 
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To test Internet connectivity, attach an Ethernet cable from your PC 
to an Internet device, like a cable modem, and configure an IP address on 
your GNS3 router. If you use DHCP to assign an IP address as I did here, 
you may have to wait a moment for the router to receive an IP address 
before you can test connectivity. 


Rl(config)# ip domain-lookup 
Rl(config)# ip name-server 8.8.8.8 
Rl(config)# interface fo/o 
Rl(config)# no shutdown 
Rl(config-if)# ip address dhcp 

*Mar 1 00:01:08.875: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernetO/O assigned 
DHCP address 192.168.1.101, mask 255.255.255.0, hostname Rl 


After your router has obtained an IP address, you should be able to 
ping a host on the Internet. Try to ping www.gnsJ.netl You’re not limited to 
using a router to connect to the Internet; you can also use an ASA device, 
Juniper router, or any other device that supports TCP/IP. 


NOTE 


If you have other devices behind router Rl, you need to configure NAT on Rl 
before they can route to the Internet. For more information, visit Cisco’s website 
(http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_ 
note09186a0080094e77.shtml#topic6). 


Final Thoughts 

In this chapter, we looked at configuring GNS3 device nodes and integrat¬ 
ing them into your projects using Cisco IOS. They’re simple to set up and 
well suited for large projects because they greatly reduce the load on your 
PC. Compared to Dynamips devices, GNS3 device nodes use almost no PC 
resources. 

Connecting a GNS3 device to a live Cisco switch is tricky. If you choose 
to create a standard 802. IQ trunk to connect with a live switch, you can use 
either an EtherSwitch router or an Ethernet switch node, but your PC oper¬ 
ating system and Ethernet adapter drivers must both support 802.IQ tagging. 
Without the proper VLAN tags, trunking won’t work. 

If you have an extra IOS switch, you can create a breakout switch, which 
is a very reliable way to integrate multiple real Cisco switches into your GNS3 
projects. A breakout switch works most reliably on Linux systems but can 
also be configured using Windows and OS X. 

In the next chapter, we’ll look at some more advanced features including 
Cisco, ASA, and IDS/IPS. 
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CISCO ASA, IDS/IPS, 
AND IOS-XRV 


You’ve already seen some of the ways 
GNS3 can interact with other software 
and operating systems. In this chapter, 
you’ll delve deeper into the advanced features 
of GNS3 and explore how you can expand your proj¬ 
ects by interacting with additional Quick Emulator 
(QEMU) virtual devices and software. 

Knowing about technologies such as Cisco’s ASAs, Intrusion Detection 
Systems/Intrusion Prevention Systems (IDSs/IPSs), and IOS-XR broadens 
your view of Cisco and GNS3 and can be useful when choosing a network 
certification path. Plus, it’s a lot of fun to play with virtualized Cisco products 
that are otherwise inaccessible to most people. It’s also important to learn 
how to use some of Cisco’s GUI-based tools. 

I’ll begin by showing you how to install Cisco Configuration Professional 
(CCP) software, a web-based alternative to configuring routers via the Cisco 
command line interface. Next, you’ll learn how to configure and run an 
ASA. I’ll discuss using Cisco’s Adaptive Security Device Manager (ASDM) 



software, which is similar to the CCP software mentioned earlier but used 
to configure ASAs. By the end of the chapter, you’ll learn that patience 
is not only a virtue but a prerequisite when you set up a Cisco IDS/IPS. 
Finally, I’ll show you how to configure and use Cisco IOS-XRv devices 
in GNS3. 


Cisco Configuration Professional 

Most engineers use IOS commands to configure routers and switches, 
but there are other ways. CCP is a web-based alternative that uses “smart 
wizards” to simplify router configuration, and it provides tools to help you 
monitor and troubleshoot networks and VPNs. In a nutshell, CCP allows 
less experienced users to get their equipment up and running. 

Project Configuration 

To use CCP with GNS3, you'll create a 
simple project using one router and a 
VirtualBox virtual machine running 
Microsoft Windows, as in Figure 8-1. 

Although there are other methods to 
do this, I’ve chosen to demonstrate this 
method because it should work on any PC 
that’s running GNS3 (Windows, Linux, 
and OS X). 

Log on to the Windows computer and 
disable the firewall to ensure that CCP 
has unrestricted communication with 
your router. (This isn’t mandatory, but it 
may prevent headaches later.) Assign the 
Windows guest an IP address on the same 
subnet as your router (in this example, 

10 . 10 . 10 . 100 ). 

Next, create a basic configuration on your router. 


Windows 


10 . 10 . 10.100 

R1 

10 . 10 . 10.1 

Figure 8-1: CCP topology with a 
router and Windows host 



O Rl(config)# ip http server 

Rl(config)# ip http secure-server 

Rl(config)# ip http authentication local 

© Rl(config)# username admin privilege 15 secret cisco 

Rl(config)# interface fO/O 

© Rl(config-if)# ip address 10.10.10.1 255.255.255.0 
Rl(config-if)# no shutdown 


You need to enable the router’s web server O, create a user with full 
EXEC mode privileges ©, and assign an IP address to the interface ©. In 
this example, the router is assigned IP address 10.10.10.1. 


NOTE 


You have to create a Cisco admin account with full EXEC mode privileges (privi¬ 
lege 15) so that later you’ll have sufficient rights to configure the router using CCP. 
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After configuring the router, test connectivity between the Windows 
guest and the router using a ping command. 

C:> ping 10.10.10.1 

If you can successfully ping the router, then it’s safe to proceed. If you 
cannot ping the router, check your IP addresses and interfaces. 

CCP Installation 

CCP is a Java-based application that interacts with a web browser, so before 
you begin, download and install Java if you don’t have it already (http:// 
www.java.com/). Make sure you also have the latest version of Adobe Flash 
Player (http://www.adobe.com/) .You can download Cisco Configuration 
Professional from the Cisco website (http://www.cisco.com/). 

To install CCP, log on to your Windows virtual machine and launch the 
setup program; you should see the CCP installation wizard. Click Next and 
follow the instructions to complete the setup. 

Running CCP 

Launch Cisco Configuration Professional by right-clicking the program 
icon and choosing Run as Administrator. When the program opens, you’ll 
be asked for the IP address of a router you want to manage. You should see 
the CCP Device Manager, shown in Figure 8-2. 



Figure 8-2: CCP Device Manager 
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Enter the IP address you assigned to the router (10.10.10.1), enter the 
administrator username and password you assigned earlier (admin and 
cisco), and then click OK. After logging on, you should see the CCP man¬ 
agement screen, shown in Figure 8-3. 



Figure 8-3: Cisco CCP management screen 


Before you can manage your router, you have to select it by first clicking 
the router hostname R1 O and then clicking Discover © so CCP can dis¬ 
cover its features and capabilities. After it’s been discovered, you can set up 
your router by clicking Configure © in the toolbar. The advantage of using 
CCP is that it guides you through the process of assigning IP addresses, 
NAT, VPNs, and other Cisco features without you having to know any IOS 
commands. Be aware that Cisco certification exams primarily focus on IOS 
commands, and not CCP, to configure devices. 

Cisco ASA Firewall 

Cisco’s ASA is an improved version of the old PIX firewall. GNS3 emulates 
a Cisco ASA model 5520. Although it’s not a router, you may be surprised 
to learn that the ASA supports several routing protocols, including RIP, 
EIGRP, and OSPF, allowing you to easily network them with other GNS3 
routed devices. 
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Acquiring an Image 

Before you can use an ASA virtual machine with GNS3, you need an image 
hie of the ASA operating system. The fastest way to get an image of the ASA 
operating system is to copy it from an ASA you already own (that is, from the 
ASA installation CD or directly from an ASA device). Copying Hies from 
a Cisco ASA works the same way as copying Hies from a Cisco router: you 
can use FTP or TFTP. In this example, you’ll use a TFTP server. There are 
plenty of free TFTP servers to choose from, so find one you like and install 
it on your PC. 

After you have a TFTP server running on your network, log on to your 
physical ASA and copy your ASA image file to your PC. In the following 
listing, my ASA image file is named asa824-k8.bin, and my TFTP server is 
running on a PC at IP address 192.168.1.100: 


ciscoasa# copy flash:asa824-k8.bin t-ftp 

Address or name of remote host []? 192.168.1.100 


After you have an ASA image file, you need to make some modifica¬ 
tions to the file before you can use it with GNS3. 

Prepping the ASA Image for GNS3 

The Cisco ASA is reallyjust a small Linux PC, and ASA image files like 
asa824-k8.bin contain a compact Linux operating system designed to run 
on ASA hardware. 

The image file includes a Linux kernel and other support software 
for the appliance. To run the ASA software using GNS3, you have to unpack 
the .bin file, make some modifications, and repack it in away that’s suitable 
for QEMU. Fortunately, there are plenty of clever people in the Linux and 
Cisco communities who have written image unpacker software that does this 
for you. You can download Cisco Image Unpacker for Windows from the 
GNS3 website, or you can use a Linux shell script like repack.v4.sh. Regardless 
of which unpacker you choose, you’ll need to find one designed for your ver¬ 
sion of ASA software. After running the script, you should be left with two 
files: asa-vmlinuz (a Linux kernel) and asa-initrd.gz (a RAM disk file). These 
are the files used by QEMU and GNS3. 

If you don’t want to modify your own ASA image file, a quick Internet 
search should turn up plenty of ready-to-use ASA files. These images usu¬ 
ally come in a .zip file that contains the two files (asa-vmlinux and asa-initrd.gz). 

Configuring GNS3 for ASA 

Before configuring an ASA in GNS3, check that QEMU is installed and 
tested on your PC. (See the QEMU installation information for your par¬ 
ticular operating system in Chapter 6.) Next, launch GNS3, select Edit ► 
Preferences on Linux and Windows or GNS3 ► Preferences on OS X, and 
choose QEMU VMs from the panel on the left, as shown in Figure 8-4. 
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© ^ Preferences 


General 
GNS3 server 
Packet capture 
VPCS 

’ Dynamlps 
IOS routers 
»IOS on UNIX 
IOU devices 
* VirtualBox 

VlrtualBox VMs 
’QEMU 

QEMU VMS 



Apply Cancel OK 


Figure 8-4: QEMU VMs preferences 

To create a new ASA in GNS3, click New to start the New QEMU VM 
wizard. Select ASA 8.4(2) from the Type drop-down menu, as shown in 
Figure 8-5. 



Figure 8-5: Creating a new QEMU virtual machine 
and setting Type to ASA 8.4(2) 

By default your device is automatically named ASA, but you can rename 
it whatever you prefer. When you’re done naming your ASA, click Next to 
continue. 
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The wizard should automatically locate and choose the correct QEMU 
binary hie for your PC, as shown in Figure 8-6. 


& New QEMU VM 


QEMU binary and memory 

Please check the Qemu binary is correctly set and the virtual 
machine has enough memory to work. 



Qemu binary; /usr/local/bin/qemu-system-x86_64 (v2.1.1) 
RAM: 11024 MB 


Figure 8-6: Selecting the ASA virtual machine's 
QEMU binary and memory 


If it does not find a QEMU binary, verify that QEMU is installed cor¬ 
rectly on your PC and try again. The default RAM value is 1024MB, but this 
is the minimum amount required to run the ASA image. You can increase 
the value by entering a new value in the held. When you’re done, click Next 
to continue the wizard. 

The last step is to browse and select your initial RAM disk and kernel 
image, as shown in Figure 8-7. 


New QEMU VM 


ASA VM 

Please choose a initrd and a kernel image. 

Linux boot specific settings 

Initial RAM disk (initrd): fiages/QEMU/asa842-initrd.gz[ Browse- 
Kernel image: -ne/jneumann/asa842-vmlinuz Browse... 




Figure 8-7: Linux boot-specific settings for an ASA 
virtual machine 


Set Initial Ram disk (initrd) and Kernel image to the correct hies for 
your computer; these are usually named asa842-initrd.gz and asa842-vmlinuz, 
respectively. 
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When you’re done choosing the two images, click Finish to complete 
the installation. After successfully adding your ASA, the ASA device should 
be displayed in the QEMU VM Preferences window, as shown in Figure 8-8. 


Preferences 


General 

Server 

Packet capture 
VPCS 

’Dynamips 
IOS routers 
"IOS on UNIX 
lou devices 
* VirtualBox 

VirtualBox VMs 
’QEMU 

QEMU VMS 


1 QEMU VM templates 


ISJ ASA 

’ General 



VM name: 

ASA 


Server: 

local 


Memory: 

1024 MB 


QEMU binary: 

* Network 

qemu-system-x86_64 


Adapters: 

4 


Type: 

’ Linux boot 

el 000 


Initial RAM disk: 

/home/user 1/GNS3/images/QEMU/asa842-ii 


Kernel image: 

/home/user1/GNS3/images/QEMU/asa842-v 


Kernel command line: 

* Optimizations 

ide_generic.probe_mask=0x01 ide_core.chs: 


CPU throttling: 

80% 


Process priority: 

* Additional options 

low 


Options: 

-icount auto -hdachs 980,16,32 -nographic 



) »i 


._ jm. ..if 

_Edit_ J [ Delete J 


Apply Cancel OK 


Figure 8-8: QEMU VMs preferences for an ASA virtual machine 


The current settings of your ASA should be displayed in the panel on 
the right, and one setting you should note is CPU throttling (located under 
Optimizations). 

Unlike Dynamips devices, the ASA does not have an Idle-PC option to 
control CPU consumption. This means that an ASA can consume your entire 
CPU, much like a Dynamips router does when no Idle-PC value has been 
set. To prevent this, GNS3 uses another open source application (epulimit) 
to adjust the maximum amount of CPU that a QEMU/ASA instance can 
consume. The default value is 80 percent, which works well in most situ¬ 
ations. You can edit your ASA settings and raise or lower the value, but be 
careful; using too little of your CPU, by decreasing the percentage, can 
result in poor ASA performance and frequent ASA crashes, and setting the 
percentage too high can result in slower overall PC performance. 

Another setting to note under Optimizations is the Process priority. The 
default value in GNS3 is low, but it can be set to low, medium, or high. The 
Process priority determines when the QEMU/ASA instance gets CPU time. 
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Processes with a high priority gain access to the CPU before processes with 
a low priority. In general, changing the priority should have little or no 
effect on your system, but to be safe, keep it set to low to prevent your ASA 
from potentially overriding important system processes. 

On Windows and OS X, the cpulimit program should have been installed 
with GNS3. On Ubuntu Linux you need to install cpulimit using the follow¬ 
ing command: 


$ sudo apt-get install cpulimit 


Now that your ASA virtual machine won’t take over your system, let’s 
log on to an ASA and perform a basic configuration. 

Testing an ASA in GNS3 

Drag an ASA firewall node from the Devices toolbar to your workspace. Your 
ASA should be located in the Security Devices section of the toolbar. Start 
the ASA and open a GNS3 console connection. While it loads, you should see 
standard ASA startup messages followed by the ASA command prompt: 


ciscoasa> 


A few error messages before the prompt are perfectly normal, but if 
your ASA fails to start or you see a lot of errors, check your settings or try a 
different ASA image hie. 


NOTE 


It’s not uncommon for an ASA in GNS3 to hang or stall during the boot cycle, espe- 
cially on older hardwa re. If this happens, stop and restart the ASA. It may take a 
couple attempts before you get a successful boot. 


To test simple network connectivity, create a link from your ASA to 
another GNS3 device in your workspace. Next, open a console connection 
to the ASA and configure an interface with an IP address. 


ciscoasa> enable 
ciscoasa# configure terminal 
ciscoasa(config)# interface GigabitEthernetO 
ciscoasa(config-if)# ip address 10.10.10.1 255.255.255.0 

ciscoasa(config-if)# nameif inside 
ciscoasa(config-if)# no shutdown 


After you’ve configured an interface, use a ping command to test con¬ 
nectivity from your ASA to other devices in your project. 


WARN I NG 


Even with CPU throttling en abled, ASA devices are processor intensive, so you may 
want to use them sparingly in your projects, especially if you have a low-end PC. 


Cisco ASA, IDS/IPS, and lOS-XRv 131 



After verifying that your ASA device is running properly, you’re ready 
to begin adding them to your projects. This can be helpful for learning 
how to configure the ASA or to prepare for a Cisco certification exam. 


ASDM Installation 

Cisco’s ASDM is similar to the CCP software that was covered in “Cisco 
Configuration Professional” on page 124, so many of the details are the 
same. Like CCP, ASDM provides a point-and-click Java-based web interface. 
The key difference between CCP and ASDM is that ASDM is designed to 
configure only the Cisco ASA, not other Cisco devices. 

Before you install the ASDM software, 
create a project like the one in Figure 8-9. 

You’ll use the Windows virtual machine to 
install and run the ASDM application, and 
then you’ll launch ASDM and use it to take 
a look at the ASA. 

There are two ways to acquire the 
ASDM software: copy it from the flash 
memory of a real ASA or find it online. 

After you have the ASDM software, it 
needs to be stored on your virtual ASA’s 
flash drive; from there you’ll install it on 
your Windows virtual machine PC using a 
web browser. I recommend Mozilla Firefox 
because I’ve found that it runs ASDM bet¬ 
ter than Internet Explorer. (Just be sure 
to disable any pop-up blockers and fire¬ 
walls and install the latest version of Java.) You’ll also need FTP or TFTP 
server software to copy the ASDM software from the GNS3 Windows virtual 
machine to your ASA. 

After you have an ASDM image, there’s some prep work to do on the 
ASA device so you can copy over the ASDM image. Enter these commands 
on the ASA: 


ASA-1 


eO 


, SW1 


10 . 10 . 10.1 



Figure 8-9: ASDM topology with an 
ASA firewall and Windows guest 




ciscoasa(config)# interface gigabitEthernetO 
© ciscoasa(config-if)# ip address 10.10.10.1 255.255.255.0 
ciscoasa(config-if)# nameif inside 
ciscoasa(config-if)# no shutdown 
ciscoasa(config-if)# exit 

© ciscoasa(config)# username admin password cisco privilege 15 
© ciscoasa(config)# http server enable 

ciscoasa(config)# http 10.10.10.0 255.255.255.0 inside 


Just like when you set up CCP, start by assigning an IP address to an 
inside interface O. Then, create a local user account ©, and enable the 
HTTP server ©. 
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After the ASA is configured and you have the ASDM software on your 
FTP or TFTP server, copy the software from your Windows virtual machine 
to the flash memory of the ASA. 


ciscoasa# copy tftp flash 

Source filename []? asdm-64l.bin 

Address or name of remote host []? 10.10.10.100 

Destination filename [asdm- 64 i.bin] centers 

Accessing tftp://l0.l0.l0.l00/asdm-64l.bin !!!!!!!!!!! 


This example copies a hie named asdm-641.bin from my GNS3 Windows 
virtual machine to my ASA device using TFTP. 

After copying the ASDM hie, you need to install the software on your 
Windows virtual machine. Launch your web browser and open an HTTP 
Secure (HTTPS) connection to the IP address of your ASA. You should be 
presented with a screen similar to Figure 8-10. 


_ Firsi^i 

I □ Cisco ASDM 6.4(1) ^ + 

^ A https:/ 10.10.10.1/admin/public/index.html P j "ft Q — 


Cisco ASDM 6.4(1) 


• 1 1 1 • 1 1 1 • 
CISCO 


Cisco ASDM 6.4(1) provides an intuitive graphical user interface that makes it easy to set up, 
configure and manage your Cisco security appliances. 


Cisco ASDM can run as a local application or as a Java Web Start application. 

Run Cisco ASDM as a local application 

■When you run Cisco ASDM as a local application, it connects to your security appliance from 
■your desktop using SSL. Running Cisco ASDM as an application has these advantages: 

• You can invoke ASDM from a desktop shortcut. No browser is required. 

• One desktop shortcut allows you to connect to multiple security appliances. 


| Install ASDM Launcher and Run ASDM | 


Run Cisco ASDM as a Java Web Start application 

■You can run Cisco ASDM as a Java Web Start application that is dynamically downloaded 
■from the security appliance. 

• Click Run ASDM to run Cisco ASDM. 

• Click Run Startup Wizard to run the Startup Wizard. The Startup Wizard walks you 
through, step by step, the initial configuration of your security appliance. 


Run ASDM ) [ Run Startup Wizard | 


Copyright © 2006-2011 Cisco Systems, Inc. All rights reserved. 


Figure 8-10: Cisco ASDM install screen 
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Because you’ll be using the Java Web Start option, click Run ASDM. 
Your PC should download Java software and present you with a few security 
warnings, which you can safely click past until you see the Cisco ASDM-1DM 
Launcher, shown in Figure 8-11. 

[El Cisco ASDM-IDM Launcher vl.5(50) [ .=. | ' E fcaj 

Cisco ASDM-IDM Launcher "^'co 

Enter username and password for 10.10.10.1 
Username: admin 

Password: ___) 

| OK | Close | 

Figure 8-11: Windows ASDM-IDM Launcher 



Enter your ASA username and password (admin and cisco) and select 
OK to log on to your ASA. After you have successfully logged on, you can 
begin configuring the system from the ASDM Device Dashboard, shown in 
Figure 8-12. 


f** 1 ) Cisco ASDM 6.4 for ASA -10.10.10.1 
File View Tools Wizards Window Help 


|^f|) Home O^i Configuration ["jl Monitoring |^~j Save Refresh Back j^^For ward ! Help 




I 


. • I •. < I <. 

CISCO 


-_*] Device Dashboard [ Firewall Dashboard] 


E 


General | License 
Host Name: ciscoasa 

ASA Version: 8.4(2) Device Uptime: Od Oh 15m 25s 

ASDM Version: 6.4(1) Device Type: ASA 5520 

Firewall Mode: Routed Context Mode: Single 
Total Flash: 256 MB Total Memory: 1024 MB 


Interface 

inside 


IP Address/Mask Une 

10.10.10.1/24 O up 


Select an interface to view input and output Kbps 


IPSec: 0 Clientless SSL VPN: 0 AnyConnect Client: 0 Details Connections Per Second Usage 


Egg 


CPU CPU Usage (percent) 


02:30 02:31 02:32 

I UDP: 0 ■ TCP: 0 Total: 0 


Memory Memory Usage (MB) 
1 I 1000 1 


'inside' Interface Traffic Usage (Kbps) 


Latest ASDM Syslog Messages 


Device configuration loaded successfully. 


ASDM logging is disabled.To enable ASDM logging with informational level, dick the button below. 
Enable Logging I 


admin 15 




I] 3/30/15 2:34:10 AM UTC 


Figure 8-12: ASDM Device Dashboard 
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The ASDM Device Dashboard includes several wizards that provide 
guided setups for creating common network and virtual private network 
(VPN) configurations. It also provides many real-time statistics to assist you 
in monitoring your network performance. Although not necessarily useful 
in GNS3, this information could be invaluable for maintaining a healthy 
network in real life. 


Cisco IDS/IPS 

The Cisco IDS/IPS identifies and prevents malicious activity on a network. 
In the real world, an IDS/IPS can be a stand-alone Cisco device or a mod¬ 
ule that you plug into an ASA or integrated service router. 

Creating an IDS/IPS virtual machine for GNS3 is a real pain compared 
to most tasks, so before you begin, you may want to set aside a couple of hours. 

Acquiring an IDS/IPS Image 

Like PIX and ASA, IDS/IPS runs on special Linux software. If you own a 
physical IDS/IPS appliance, then an upgrade/recovery CD containing the 
software should have come with your device. 

To install IDS/IPS using a QEMU virtual machine, you need an ISO 
image of the CD. You can create your own ISO image hie using your CD or 
find one on the Internet. In this example, I used an IOS image hie named 
IPS-K9-cd-l.l-a-6.0-6-E3.iso. Other versions of the software may work hne, but 
this version has proven to work well for creating a GNS3-compatible IDS/IPS. 

Creating a QEMU-Ready IDS/IPS System 

IDS/IPS software runs using QEMU, so be sure you have installed it on 
your PC and have tested it with GNS3 before you begin. Then, create a 
build directory for your IDS/IPS and copy your ISO hie to the directory. 
This is where you'll create the IDS/IPS virtual machine. 

To install IDS/IPS software on a QEMU virtual machine, you have to 
create two QEMU virtual hard disk image hies. Open a terminal window 
and enter the following commands to create the images: 


$ qemu-img create ipsdiskl.img 512M 
$ qemu-img create ipsdisk2.img 4000M 


NOTE 


On Windows and. OS Xyou may need to set your system path to include the location 
of your QEMU installation. Please refer to “Installing QEMU on Windows and OS X” 
on page 63 for details. 


Now that you’ve created the virtual disks, enter the following command 
to boot your virtual machine from the ISO image hie: 


$ qemu-system-i386 -hda ipsdiskl.img -hdb ipsdisk2.img -m 1024 -cdrom IPS-K9 
-cd-l.l-a- 6 .O- 6 -E 3 .iso -boot d 
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On Windows systems, replace qemu-system- 1386 in this command with 
qemu-system-i386w. After the system boots, you should see a screen similar to 
Figure 8-13. 


e O O_QEMU 


$Revision$ $Date$ 

Options: apmbios pcibios eltorito rombios32 

ata© master: QEMU HARDDISK ATA-7 Hard-Disk ( 512 MBytes) 
ata0 slave: QEMU HARDDISK ATA-7 Hard-Disk (4000 MBytes) 
atal master: QEMU DUD-ROM ATAPI-4 CD-Rom/DUD-Rom 

Booting from CD-Rom... 

24MB medium detected 

ISOLINUX 2.08 2003-12-12 Copyright (C) 1934-2003 H. Peter Anvin 
Cisco IPS 6.0(6)E3 Upgrade/Recovery CD! 


To recover the Cisco IPS 6.0(6)E3 Application using a local keyboard/monitor 
type: k <ENTER>. 

(WARNING: ALL DATA ON DISK 1 WILL BE LOST) 

To recover the Cisco IPS 6.0(6)E3 Application using a serial connection, 
type: s <ENTER>, or just press <ENTER> 

(WARNING: ALL DATA ON DISK 1 WILL BE LOST) 

ioot: 


Figure 8-13: IDS/IPS installation screen 


At the boot: prompt, enter k to perform a full system recovery. During 
the recovery process, your QEMU virtual machine will boot Linux from the 
ISO image, install a GRUB boot loader, and install the IDS/IPS software. 
When the install finishes copying hies, the virtual machine will reboot 
automatically and end with a “FATAL” boot error message, as shown in 
Figure 8-14. 


e O O_QEMU 


lex86/Bochs UGABios (PCI) current-cvs 17 Dec 2008 
'his UGA/UBE Bios is released under the GNU LGPL 

lease visit : 

. http://bochs.sourceforge.net 
. http://uuu.nongnu.org/vgabios 

:irrus-compatible UGA is detected 

!EMU BIOS - build: 07/11/09 
IRevision$ $Date$ 

iptions: apmbios pcibios eltorito rombios32 

ta0 master: QEMU HARDDISK ATA-7 Hard-Disk ( 512 MBytes) 
taO slave: QEMU HARDDISK ATA-7 Hard-Disk (4000 MBytes) 
tal master: QEMU DUD-ROM ATAPI-4 CD-Rom/DUD-Rom 

looting from CD-Rom... 

IDROM boot failure code : 0003 

loot failed: could not read the boot disk 


I 


ATAL: No bootable device. 


Figure 8-14: FATAL: No bootable device 
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Don’t worry, this error is perfectly normal and expected. Quit QEMU 
and enter the following command to boot the IDS/IPS again: 


$ qemu-system-i386 -name IPS4215 -hda ipsdiskl.img -hdb ipsdisk2.img -m 
1024 -smbios type=l,product=IDS-42l5 -net nic,vlan=l,model=el 000 -net 
nic,vlan=2,model=el000 


The IDS/IPS virtual machine will boot to a Linux GRUB boot menu. 
At the boot menu, enter e to edit an entry. Use the arrow key to move down 
to highlight the kernel entry and enter e again to edit this entry. 

Use the back arrow key to locate and change init=/loadrc to init=l. 
Press enter to accept the change and press b to boot from the modified 
GRUB menu. The system should now boot, bypassing the IDS/IPS startup, 
and bring you to a Linux console. From the console command line, you'll 
use the vi editor to modify some IDS/IPS configuration hies. 


NOTE 


You have to use the vi editor to modify files because no other editor is installed. If you 
are unfamiliar with vi, you’ll want to brush up on it before you continue. Just search 
for man vi online or enter man vi at the command line to view the man page. 


After you’re familiar with vi editing commands, you’re ready to continue. 


Hijacking the Hardware 

First, you’ll need to trick the IDS/IPS software into thinking your QEMU 
virtual machine is a real Cisco 1DS-4215 Appliance Sensor. To fool the soft¬ 
ware, you have to modify two hies: ids_functions and interface.conf. Modifying 
these hies is pretty tedious, and the smallest mistake will prevent you from 
creating a working IDS/IPS device. 

Start by entering the following commands from the shell prompt: 


-sh-2.05b# /loadrc 
-sh-2.05b# cd /etc/init.d 
-sh-2.05b# ./rc.init 


This will mount the Linux hie systems used by the IDS/IPS and initial¬ 
ize the system. Next, use vi to open the ids_functions hie. 


-sh-2.05b# vi ids_functions 


After opening the hie, enter the command /845 to have vi locate the fol¬ 
lowing entry: 


elif [[ 'isCPU 845' -eq $TRUE && $NUM_0F_PR0CS -eq 1 ]]; then 
M0DEL=$IDS4215 
HTLBL0W=8 

MEM_PAGES=${HTLBLOW} 

D E FAU LT_MGT_0S="fe0_0" 

DEFAULT MGT CIDS="FastEthernet0/0" 
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Next, edit the elif statement and DEFAULT MGT statements so they read 
as follows: 


elif [[ 1 -eq 1 ]]; then 
M0DEL=$IDS4215 
HTLBL0W=8 

MEM_PAGES=${HTLBLOW} 

D E F AU L T_MGT_0 S ="ma0_0" 
DEFAULT_MGTCIDS="ManagementO/0" 


When you’re finished editing and certain that you have made the cor¬ 
rect changes, save the Hie and exit the vi editor. 

Next, you'll edit the interface.c-onf file. 


-sh-2.05b# cd /usr/cids/idsRoot/etc 
-sh-2.05b# vi interface.conf 


Use the arrow key to move down to the section that begins with 
####### IDS -4215 ########, modify each of the interface entries starting at 
[models/IDS-4215/interfaces/l] and ending with [models/IDS-42l5/interfaces/6]. 
Each entry must look exactly like the following six entries: 


[models/IDS-4215/interfaces/l] 

name-template=ManagementO/0 

port-number=0 

pci-path=3.0 

vendor-id=0x8086 

device-id=OxlOOe 

type=fe 

mgmt-capable=yes 

net-dev-only=yes 

tcp-reset-capable=yes 

[models/IDS-42l5/interfaces/2] 

name-template=FastEthernetO/0 

port-number=l 

pci-path=4.0 

vendor-id=0x8086 

device-id=OxlOOe 

type=fe 

sensing-capable=yes 

tcp-reset-capable=yes 

[models/IDS-42l5/interfaces/3] 

name-template=FastEthernetO/l 

port-number=2 

pci-path=5.0 

vendor-id=0x8086 

device-id=OxlOOe 

type=fe 

sensing-capable=yes 

tcp-reset-capable=yes 
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[models/IDS-42l5/interfaces/4] 

name-template=FastEthernetO/2 

port-number=3 

pci-path=6.0 

vendor-id=Ox8o86 

device-id=OxlOOe 

type=fe 

sensing-capable=yes 

tcp-reset-capable=yes 

[models/IDS-42l5/interfaces/5] 

name-template=FastEthernetO/3 

port-number=4 

pci-path=7.0 

vendor-id=0x8086 

device-id=OxlOOe 

type=fe 

sensing-capable=yes 

tcp-reset-capable=yes 

[models/IDS-42l5/interfaces/6] 

name-template=FastEthernetO/4 

port-number=5 

pci-path=8.0 

vendor-id=Ox8o86 

device-id=OxlOOe 

type=fe 

sensing-capable=yes 

tcp-reset-capable=yes 


After you’ve finished editing the interfaces, scroll through the entries 
and verify that each interface is correctly configured. If you’re certain 
everything is correct, save the hie and quit vi. Reboot the IDS/IPS virtual 
machine using the reboot command. 


-sh-2.05b# reboot 


The system should boot, configure a few things, and reboot again auto¬ 
matically. After the automatic reboot, immediately quit QEMU when you 
see the GRUB boot manager, shown in Figure 8-15. If you fail to quit and 
relaunch QEMU without using the proper options, the install will fail, and 
you’ll have to start over. 

After quitting QEMU, restart your IDS/IPS virtual machine with the 
following command options: 


$ qemu-system-i386 -name IPS4215 -hda ipsdiskl.img -hdb ipsdisk2.img -m 
1024 -smbios type=l,product=IDS-42l5 -net nic,vlan=l,model=el 000 -net 
nic,vlan=2,model=el000 
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e O O_ QEMUIDSl 


GNU GRUB version 0.94 (636K lower / 1047488K upper memory) 


|| Cisco IPS || 


Cisco IPS Recovery 

Cisco IPS Clear Password (cisco) 


Use the t and i keys to select which entry is highlighted. 
Press enter to boot the selected OS, 'e' to edit the 
commands before booting, or ' c' for a command-1ine. 


Figure 8-15: GRUB boot manager screen 

Your IDS/IPS should now boot to the login prompt shown in Figure 8-16. 


e O O QEMU IPS4215 



Figure 8-16: IDS/IPS login prompt 


You’re almost done! Log on to the system by entering the default user- 
name cisco and password cisco, and you should be directed to reset the 
password. If any part of the IDS/IPS setup has gone wrong, you may see the 
message “UNSUPPORTED HARDWARE DETECTED,” as in Figure 8-17. 

At this point, you could continue using the IDS/IPS virtual machine, or 
you could start over. I recommend you start over and create a new IDS/IPS 
until you can log on without errors. If you continue, the IDS/IPS system 
may produce further errors and not work as expected. 


140 


Chapter 8 










Figure 8-17: "UNSUPPORTED HARDWARE DETECTED" error 


When you can log on without errors, you’re ready to continue. 

Testing IDS/IPS (or Patience Is a Virtue) 

The Hrst time you log on to the IDS/IPS virtual machine, you will have 
to wait approximately 20 minutes or so while the system rebuilds its regex 
cache tables. This is normal even for an actual IDS/IPS appliance, and you 
should not interrupt it. You can check the progress periodically using the 
iplog-status command. 


sensor# iplog-status 


If the status message reads “Error: getlpLogList: Analysis Engine is 
busy rebuilding regex tables. This may take awhile.” then the system is still 
working and should not be interrupted. After the rebuild is finished, you 
should instead see “No IP logs available.” 

When the rebuild is finished, enter the reset command to shut down 
and reboot the virtual machine. Unfortunately, there’s no elegant way to 
shut down the system. To avoid file corruption, you should quit QEMU 
when the reboot reaches the GRUB boot menu. 


Configuring GNS3 for IDS/IPS 

Adding an IDS/IPS to GNS3 is similar to adding an ASA. To add an IDS/IPS 
device, launch GNS3, select Edit ► Preferences on Linux and Windows or 
GNS3 ► Preferences on OS X, and select QEMU VMs from the sidebar, as 
shown in Figure 8-18. 
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Preferences 


General 
GNS3 server 
Packet capture 
VPCS 

* Dynamlps 

IOS routers 
’ IOS on UNIX 
IOU devices 

* VirtualBox 

vlrtualBox VMs 



IQEMU VMs preferences 



» General 


VM name: 

IDS 

Server: 

local 

Memory: 

1024 MB 

QEMU binary: 

qemu-system-x86_64 

» Hard disks 


Disk image (hda): 

/home/jneumann/GNS3/images/QEMU/ipsdisk1.img 

Disk image (hdb): 

/home/jneumann/GNS3/images/QEMU/ipsdisk2.img 

* Network 


Adapters: 

3 

Type: 

elOOO 

* optimizations 


CPU throttling: 

disabled 

Process priority: 

normal 

* Additional options 


Options: 

-smbios type-1 .product-IDS-4215 -nographic 


Apply 


Cancel 


Figure 8-18: IDS Preferences 


To create a new IDS/IPS in GNS3, click New to start the New QEMU VM 
wizard. Select IDS from the Type drop-down menu, as shown in Figure 8-19. 


OP New QEMU VM 


Name and type 

Please choose a descriptive name for the new QEMU virtual 
machine and select the type of device. 


Name: IDS 
Type: IDS 


Next > cancel 


Figure 8-19: Selecting IDS in the New QEMU VM wizard 


By default your device is automatically named IDS. Click Next to con¬ 
tinue. GNS3 should automatically locate and choose the correct QEMU 
binary hie for your PC, shown in Figure 8-20. 
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New QEMU VM 


QEMU binary and memory 

Please check the Qemu binary is correctly set and the virtual 
machine has enough memory to work. 

Qemu binary: /usr/local/bm/qemu-system-x86_64 (v2.l.1) 



RAM: [ [1024 MB 



Figure 8-20: QEMU binary and memory screen 


Set the RAM field to 1024 MB or greater, and click Next to continue to 
the Disk image (hda) selection, shown in Figure 8-21. 


© New QEMU VM 


Disk Image 

Please choose a base disk image for your virtual machine. 

Disk image (hda): frie/jneumann/GNS3/add-in/ipsdiskl.img| Browse... 



Figure 8-21: Chooseing a disk image 


Browse and select the file named ipsdisk 1.img that was created when 
you built your QEMU-ready IDS system. Click Next to continue to the Disk 
image (hdb) selection screen and choose ipsdisk2.img. Click Finish to com¬ 
plete the installation. You’re now ready to test your IDS. 

Verifying IDS/IPS in GNS3 

To verify that your IDS/IPS is working, drag an IDS/IPS node to your work¬ 
space and start the device. GNS3 cannot open a console connection to an 
IDS/IPS device until after it has fully booted. This means you will not see 
any IDS/IPS messages prior to the login prompt. After the login prompt 
appears, you should be able to log in and configure the IDS/IPS. To pre¬ 
vent hie corruption from occurring, use the reset command whenever you 
shut down the device. 
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After determining that your IDS/IPS is in good working order, you 
should make a backup copy of the QEMU disk image hies. If something 
happens to your working IDS/IPS device, a backup copy of the hies can save 
you hours of work later. 


Cisco lOS-XRv 

Cisco offers a version of IOS-XR in the form of a 32-bit virtual machine 
called IOS-XRv. The cool thing about IOS-XRv is that it’s not an emulator 
like IOU or NX-OSv. Instead, it’s a “hamstrung” version of IOS-XR that con¬ 
tains only a single route processor (RP). Network throughput is limited to 
2Mbps, and there’s a hard-coded AAA user named cisco with the password 
cisco, making it impossible to use in a production environment, unless you 
want a slow and insecure network. Despite these limitations, the operating 
system includes management features, routing, and forwarding capabilities. 

The software is designed to run using VMware ESXi or QEMU, making 
it a breeze to use with GNS3. If you have a Cisco CCO account, you should 
be able to download the software from the Cisco hie exchange. 


Configuring GNS3 for IOS-XRv 

Cisco IOS-XRv hies come in two image formats; the hrst is an OVA, and the 
second is a Virtual Machine Disk (VMDK) hie. The OVA image (ending 
in .ova) is suitable for use with VMware ESXi; the VMDK hie (ending in 
.■ vmdk ) is ready to use with QEMU, and it’s the hie you’ll use in GNS3. In 
this example, I’ll be using an image hie named iosxrv-k9-demo-5.2.2.vmdk. 

Adding an IOS-XRv device to GNS3 is pretty straightforward. You’ll 
launch the New QEMU VM wizard and follow the prompts; then you’ll edit 
the device, making a small change to increase the number of adapters. To 
add an IOS-XRv device, select Edit ► Preferences on Linux and Windows or 
GNS3 ► Preferences on OS X and then select QEMU VMs from the panel 
on the left. Click New to start the configuration and open the dialog in 
Figure 8-22. 


© © New QEMU VM 


Name and type 

Please choose a descriptive name for the new QEMU 
virtual machine and select the type of device. 

Name: | IOS-XRv 
T ype: Default 


Back Cancel 



Figure 8-22: New QEMU VM wizard 
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Set Type to Default and enter a name for your device; I've entered 
IOS-XRv. When you’re finished, click Next to proceed to the QEMU binary 
and memory settings, shown in Figure 8-23. 


New QEMU VM 


QEMU binary and memory 

Please check the Qemu binary is correctly set and the 
virtual machine has enough memory to work. 


Qemu binary: 

/usr/local/bin/qemu-system-x86_64 (v2.1.1) 

cj 

RAM: 

2048 MB 



<Back Next> j cancel 



Figure 8-23: Configuring IOS-XRv for 64-bit systems 


IOS-XRv can run using 32-bit or 64-bit QEMU hardware emulation. 
Because I'm running a 64-bit operating system on my PC, I’ve chosen to use 
a 64-bit QEMU binary, named qemu-system-x86_64 (shown in Figure 8-23), 
and I’ve set RAM to 2048 MB, which is the recommended amount. However, 
if you run a 32-bit operating system, such as Windows, you’ll have to set the 
RAM to less than 2048MB. This is because the 32-bit QEMU program is 
unable to allocate that much memory to the IOS-XRv virtual machine. In 
this case, you should enter 1920 MB and use the drop-down menu to choose 
the QEMU binary named qemu-system-i386w.exe, as shown in Figure 8-24. 
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New QEMU VM 


QEMU binary and memory 

Please check the Qemu binary is correctly set and the virtual machine has 
enough memory to work. 



Qemu binary: C:program Files\GNS3\qemu\qemu-system-i386w.exe 
RAM: 1920 MB 


< Back Next > Cancel 


Figure 8-24: Configuring IOS-XRv for 32-bit Windows systems 
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After configuring your QEMU binary and RAM, click Next to proceed 
to the Disk Image selection screen in Figure 8-25. 


New QEMU VM 


Disk image 

Please choose a base disk image for your virtual machine. 

Disk image (hda): |ages/QEMU/iosxrv-k9-demo-5.2.2.vmdk| Browse.. 


< Back Finish Cancel 

Figure 8-25: Selecting a disk image 



Click the Browse button to locate and choose your IOS-XRv .vmdk 
image hie. I’ve selected a disk image named iosxrv-k9-demo-5.2.2.vmdk. 

When you’re done selecting your image, click Finish to close the wiz¬ 
ard. Next, select your newly created IOS-XRv device and click Edit. Select 
the Network tab and increase the number of adapters to 4. Click OK to 
close the window and then click Apply and OK to commit the change. You 
can set the number of adapters to whatever best suits your needs, but four 
should be suitable for most GNS3 projects. 

Creating a Simple IOS-XR Project 

Cisco IOS-XR is very IOS-like, but it’s not IOS. In this section, you’ll config¬ 
ure a simple project using one Dynamips router and one IOS-XRv device, 
shown in Figure 8-26. 


lol: 172.16.1.1 
lo2: 172.16.2.1 
lo3: 172.16.3.1 


R1 



IOS-XRv 1 


el \\Q}\ 

10 . 1 . 1 . 2 /— \ 


Figure 8-26: A simple IOS-XRv project 


You’ll use EIGRP to advertise three networks from router R1 to the 
IOS-XRvl device. Finally, you’ll verify the routes using some IOS-XR com¬ 
mands. This is only a basic introduction to IOS-XR. If you truly want to 
learn IOS-XR, you’ll have to dig deep into Cisco’s documentation. 
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Configuring the Router 

Begin by configuring router Rl. Configure an IP address on the Ethernet 
interface that’s linked to IOS-XRvl. 


Rl# configure terminal 
Rl(config)# interface fo/o 

Rl(config-if)# ip address 10.1.1.1 255.255.255.0 
Rl(config-if)# no shutdown 


Next, configure the three IP addresses on router Rl’s loopback interfaces. 


Rl(config-if)# interface loopbackl 
Rl(config-if)# ip address 172.16.1.1 255.255.255.0 
Rl(config-if)# interface loopback2 
Rl(config-if)# ip address 172.16.2.1 255.255.255.0 
Rl(config-if)# interface loopback3 
Rl(config-if)# ip address 172.16.3.1 255.255.255.0 
Rl(config-if)# exit 


These addresses will be advertised to your IOS-XRvl device using EIGRP. 
Finally, configure EIGRP and advertise all the networks. 


Rl(config)# router eigrp 10 
Rl(config-router)# no auto-summary 
Rl(config-router)# network 10.0.0.0 
Rl(config-router)# network 172.16.0.0 


After you’ve finished configuring router Rl, configure the IOS-XR 
device. 

Configuring the I0S-XR Device 

Log on to IOS-XRvl and create a similar configuration to the one you 
created on router Rl. You’ll configure an IP address and enable EIGRP to 
allow IOS-XRvl and router Rl to exchange routing information. 

© RP/0/0/CPU0:ios# 

RP/0/0/CPU0:ios# configure terminal 

RP/0/0/CPU0:ios(config)# interface GigabitEthernet 0/0/0/0 
© RP/0/0/CPU0:ios(config-if)# ipv4 address 10.1.1.2/24 
RP/0/0/CPU0:ios(config-if)# no shutdown 
RP/0/0/CPU0:ios(config)# router eigrp 10 
© RP/0/0/CPU0:ios(config-eigrp)# address-family ipv4 
0 RP/0/0/CPU0:ios(config-eigrp-af)# interface GigabitEthernet 0/0/0/0 
© RP/0/0/CPU0:ios(config-eigrp-af)# commit 


The first notable difference between IOS and IOS-RX is the command 
prompt. The IOS-XRvl command prompt O indicates that your context is 
the first route processor (RP/0/0/CPU0). Because this is a demo version of 
IOS-XRv, it’s limited to this single route processor. 
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Next, when an IP address is configured on an Ethernet interface, you 
have to specify the family of the IP address you’re using (IPv4 or IPv6), and 
the subnet mask is represented in CIDR notation (/24) ©. Similarly, you 
have to specify IPv4 or IPv6 when configuring the EIGRP route process ©. 
Lastly, you advertise networks by placing an IP-configured interface under 
the EIGRP route process 0. When you’re done, be sure to commit your 
changes ©. 

Once you’ve configured everything, enter the show eigrp neighbors 
command, and you should see this output: 


RP/0/0/CPU0:ios# show eigrp neighbors 
IPv 4-EIGRP Neighbors for AS(lo) VRF default 


Address 

Interface 

Hold Uptime 

SRTT RT0 

0 

Seq 



(sec) 

(ms) 

Cnt 

Num 

OlO. 1 . 1.1 

©Gio/o/o/o 

13 00:28:09 

19 200 

0 

3 


In a correct configuration, an EIGRP neighbor adjacency will form with 
router R1 at IP address 10.1.1.1 O from interface Gi0/0/0/0 ©. 

Now, verify that all the 172.16.0.0 networks have been advertised from 
router R1 to IOS-XRvl using the show route command. 


RP/0/0/CPU0:ios# show route 
--srtip-- 

C 10.1.1.0/24 is directly connected, 02:58:51, GigabitEthernet0/0/0/0 

L 10.1.1.2/32 is directly connected, 02:58:51, GigabitEthernet0/0/0/0 

D 0172.16.1.0/24 [90/2570240] via 10.1.1.1, 00:43:21, GigabitEthernet0/0/0/0 

D 0172.16.2.0/24 [90/2570240] via 10.1.1.1, 00:43:21, GigabitEthernet0/0/0/0 

D 0172.16.3.0/24 [90/2570240] via 10.1.1.1, 00:43:21, GigabitEthernet0/0/0/0 


All of the 172.16.0.0 networks have been successfully added to the 
IOS-XR routing table O. You can test connectivity by pinging one of the 
addresses. 


RP/0/0/CPU0:ios# ping 172.16.1.1 
Thu Oct 16 03:20:27.508 UTC 
Type escape sequence to abort. 

Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds: 

!!!!! 

O Success rate is 100 percent (5/5), round-trip min/avg/max = 9/19/49 ms 


Here, the ping was 100 percent successful O. Now, save the configuration. 


RP/0/0/CPU0:ios# copy running-config nvram: 

Thu Oct 16 03:22:39.679 UTC 

Destination file name (control-c to abort): [/running-config]? <enter> 
Building configuration. 

24 lines built in 1 second 
[OK] 
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By now it should be obvious that IOS-XR is a little different from tradi¬ 
tional IOS, but it’s also similar. IOS-XRv is a reliable platform, and it’s a lot 
of fun to play with in GNS3. Perhaps someday Cisco will port aversion of 
IOS-XR from their carrier class routers down to their smaller commercial 
routers. If so, practicing with IOS-XRv in GNS3 will help prepare you for it. 


Final Thoughts 

Using GNS3, you can quickly become proficient at configuring and install¬ 
ing ASA firewalls. Having worked with Cisco gear for more than a decade, 
I’ve learned that ASAs are rock solid and work great for small network 
installations. Understanding how to configure the ASA is a must for anyone 
involved in small business networking. They’re one of the few nonenterprise 
Cisco products that are reasonably priced, feature rich, and easy to install. 

Using ASDM, you can quickly configure an ASA to allow remote users 
to connect to their corporate networks through an IPSec VPN. Several 
cross-platform VPN clients are compatible with Cisco ASAs and routers; 
OS X has a built-in Cisco VPN client. On Windows, you have to install the 
Cisco VPN Client or Cisco AnyConnect software. On Linux, you can use 
Virtual Private Network Connection (VPNC), which works great. I use VPNC 
on a daily basis with Linux to access VPNs all across the country. 

In the next chapter, you’ll look at Cisco IOU and learn how to integrate 
IOU devices into GNS3 projects. It’s an exciting new advancement that 
broadens the future of GNS3. 
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CISCO IOS ON UNIX 
AND NX-OSV 


In this chapter, I’ll discuss strategies 
for installing and integrating Cisco IOU 
devices with GNS3. You’ll also learn how to 
install and run Cisco’s next-generation switch 
operating system (NX-OS) using VirtualBox and 
NX-OSv. 

Cisco IOU 

Cisco IOU is one of the cooler things to happen to the Cisco education 
community in a long time. IOU functions similarly to Dynamips but uses 
far fewer resources. Like Dynamips, IOU allows you to add routers and 
switches to your GNS3 projects. Unlike Dynamips, IOU images emulate 
the features of an IOS technology train rather than the hardware compo¬ 
nent of a particular Cisco model. Each IOU image hie is a self-contained 
binary application that runs an instance of a device. There are images 



designed for routing, switching, voice over IP (VoIP), and Pagent (for gen¬ 
erating IP traffic). IOU doesn’t require a hypervisor to emulate Cisco hard¬ 
ware, often making IOU devices less memory hungry and CPU intensive 
than Dynamips devices. The obvious advantage here is that you can create 
larger topologies on a modestly configured PC. 

In 2010, Cisco integrated IOU into the Cisco Learning Network to 
provide online virtual labs for CCNA and CCNP students. The labs are 
inexpensive and well designed. If you’re interested in Cisco Learning Labs, 
you should check out the Cisco Learning Center (http://learningnetwork 
.cisco.com/). 

As the name implies, IOS on Unix runs only on Unix-based systems. 
Sometimes referred to as IOS on Linux (IOL), it was developed on Solaris 
Unix and Linux. 

What IOU Means to GNS3 

After Cisco announced it was moving away from industry-standard hard¬ 
ware in favor of proprietary integrated service router (ISR) hardware, the 
GNS3 community wondered whether the end of Dynamips and GNS3 had 
arrived. Without access to the technical specifications for the new propri¬ 
etary hardware, it would be impossible to create a new hypervisor required 
to run the latest IOS software. Eventually, the old Dynamips devices would 
stop getting IOS updates and become obsolete. 

Cisco actually keeps IOS current for the 7200 series routers that GNS3 
uses, but all other GNS3 routers stop cold at IOS release 12.4(15)T, which 
imposes limits on learning modern technologies such as VoIP. This is why 
IOU is exciting. It breathes new life into GNS3 by allowing you to integrate 
updated IOS technologies into your GNS3 projects—and that’s pretty cool! 

Switching, Switching, and More Switching! 

One of the best reasons to integrate IOU into GNS3 is that you can use 
many of Cisco’s advanced switching features, which are missing from the 
NM-16ESW module in Dynamips (refer to Appendix C). These features 
allow GNS3 to step up its game and become an all-inclusive training 
tool for more advanced certifications like CCIE. 

With IOU, you no longer have to purchase physical switches and create 
a breakout switch or use funny little tricks like ISL bridging to access real 
switches. Using a GNS3 EtherSwitch router, it’s now possible to create a 
regular 802.IQ trunk link from your Dynamips switches to an IOU switch 
block running on your PC. IOU switches are stable, run fast, and, unlike 
physical switches, are completely portable, which means they can travel 
with you on a laptop as part of your GNS3 projects. 
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IOU Images 

IOU images are designed around IOS features, and their filenames 
often reveal what features they include, much like IOS image filenames. 

For example, let’s break down the filename of an IOU switch named 

T86BT_IJNUXL2-UPK9-M-15.0. 

I86BI Indicates this is an Intel 32-bit binary image. 

LINUX Indicates it runs on Linux. 

L2 Indicates it’s an L2/L3 switch. 

UPK9 Indicates the image contains advanced cryptographic features 

such as 3DES/AES. 

M Indicates it’s a mainline IOS. 

15.0 Specifies the IOS version the image is based on. 

Using this information, you should be able to look at almost any IOU 
filename to quickly determine what features it includes. 

Things to Know Before Installing IOU 

By default, a standard GNS3 installation doesn’t allow you to run IOU 
devices. IOU devices are Linux binary Hies, so they can be run using a 
Linux operating system only. Typically, images are 32-bit binary files, but 
with the proper library files, you can easily run them on 64-bit Linux 
systems. If you’re running GNS3 on Windows or OS X, you have to install a 
virtualization program like VirtualBox and run your IOU devices using a 
Linux virtual machine. Fortunately, GNS3 provides an IOU virtual machine 
that you can download from the GNS3 website. The GNS3 IOU virtual 
machine is ready to run IOU images, provides an easy way for you to 
upload your images, and doesn’t require that you know how to use Linux 
commands. 

The upside to running GNS3 in Linux is that installing and config¬ 
uring IOU is more straightforward, and everything should run seamlessly 
without extra configuration. The downside is that you have to know a little 
something about Linux, but in my opinion, that’s a small price to pay. When 
you run GNS3 on Windows or OS X, you have to configure it to communi¬ 
cate with the Linux virtual machine over TCP/IP, which can be a pain to 
manage. If your workstation or IOU virtual machine’s IP addresses change 
(which often happens), you’ll have to reconfigure GNS3 to use the new IP 
addresses. Also, when you upgrade GNS3, you have to upgrade the GNS3 
server software that runs on the IOU virtual machine. The version numbers 
must be identical, or IOU will not run. These steps are unnecessary when 
you run both GNS3 and IOU on Linux. 
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Setting Up IOU on a Linux PC 

There are some distinct advantages to running GNS3 and IOU on a 
Linux PC. The big one is that you don’t need to use an IOU virtual 
machine because on Linux IOU image hies run natively. This means you 
don’t have to give up precious resources, such as CPU cycles and memory, 
that would be taken by the IOU virtual machine. Another advantage is that 
you can use Wireshark to capture and monitor packets between two IOU 
devices, which you can’t do when using the IOU virtual machine. This is 
because the .pcap capture hie, which is created when you start a Wireshark 
capture, is saved on the IOU virtual machine and not locally, so Wireshark 
cannot access the hie. 

If you’re running GNS3 on Linux, follow the instructions in this sec¬ 
tion to get IOU up and running. Otherwise, skip ahead to “Using the GNS3 
IOU Virtual Machine on Windows and OS X” on page 160. 

Installing IOU 

When you run an IOU image, the image looks for the hie libcrypto.so.4 
and won’t run without it. Although a libcrypto library hie may already be 
installed on your system, you should install libssll.0.0 because this version 
is proven to be stable with IOU images. Next, create a symbolic link (sym- 
link) from libcrypto.so.1.0.0 to libcrypto.so.4-, asymlinkis the Linux equivalent 
of a Windows shortcut. If you’re using a 32-bit version of Ubuntu, install 
libcrypto using the following commands: 


$ sudo apt-get install libssll.0.0 

$ sudo In -s /lib/i386-linux-gnu/libcrypto.so. 1 . 0.0 /lib/libcrypto.so.4 


When running a 64-bit Ubuntu system, you’ll need to install the 
32-bit libssl package before you can configure libcrypto and run a 32-bit 
IOU image. If you have a 32-bit Ubuntu system, you can disregard the 
next commands. 


$ sudo apt-get install libssll.O.O:i386 

$ sudo In -s /lib/i386-linux-gnu/libcrypto.so.1.0.0 /lib/i386-linux-gnu/ 
libcrypto.so.4 


If you’re not running Ubuntu, then you may need to do a little research 
to configure libcrypto on your system because not all Linux systems use 
the same library hies and versions or even store the hies in the same direc¬ 
tories as Ubuntu. The key is that the libcrypto hie must be symlinked to 
libcrypto.so.4. 

After you’ve configured libcrypto.so.4, copy one or more IOU image hies 
to your Ubuntu system. You have to make the IOU hies executable before 
they’ll run; here’s how: 

$ sudo chmod 555 I 86 BI_LINUXL 2 -UPK 9 -M- 15 . 0 .bin 
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Next, install the dependencies for the GNS3 iouyap application. This 
program is responsible for setting up communication between IOU and 
other GNS3 devices, like Dynamips routers. Begin by installing bison and 
flex, two packages that are needed before iouyap can compile. 


$ sudo apt-get install bison 
$ sudo apt-get install flex 


Now, install and compile the iniparser program using the following 
commands: 


$ sudo apt-get install git 

$ git clone http://github.com/ndevilla/iniparser.git 
$ cd iniparser 
$ make 

$ sudo cp libiniparser.* /usr/lib/ 

$ sudo cp src/iniparser.h /usr/local/include 
$ sudo cp src/dictionary.h /usr/local/include 


A ZIP hie containing iouyap should have been included in your GNS3 
for Linux download. Unzip iouyap-<x>.zip, replacing <x> with the version 
you have, and compile the program using the following commands: 


$ cd iouyap-x 
$ sudo make 
$ sudo make install 


If necessary, copy the compiled application to the /usr/local/bin directory. 


$ sudo copy iouyap /usr/local/bin 


Now that all the applications are installed, you need to do some 
configuration. 

Creating a License File 

Before running IOU, you have to create a license hie that contains the host- 
name of your PC and a valid license key. The license key is generated from 
your Linux hostname, so make sure you’re satished with your PC’s hostname. 
If you change your hostname, you’ll need to enter a new license key. 

Once you have obtained a license key, use a text editor to create the 
license hie. I usually name my hie .iourc, but any name will do. The follow¬ 
ing is an example of a license hie for a PC named Ubuntu using the license 
key 1234567812345678. The hostname is case sensitive, so take care when 
entering it in the license hie. 


[license] 

Ubuntu = 1234567812345678 
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If you’re unsure what your Linux host is named, you can use the hostname 
command from your terminal to display the name. 

Configuring GNS3 

Next, set the path to the iouyap application and your IOU license Hie in 
the IOS on UNIX preferences. The iouyap application is used to bridge 
Dynamips, and other GNS3 devices, with IOU devices so that all your 
devices can be seamlessly networked together. Select Edit ► Preferences 
and then select IOS on UNIX from the left menu, as shown in Figure 9-1. 


General 
GNS3 server 
Packet capture 
VPCS 

* Dynamips 

IPS routers _ 

IOU devices 

* VlrtualBox 

V rtualBox VMS 

* QEMU 

QEMU VMS 


[JOS o n UNIX preferences 


General settings Server settings Advanced settings 
Path to lOURC (pushed to the server): 

|/homc/)neutnann/.kHirc | [Browse- 

Path to iouyap (local Linux server only): 

/usr/local/bin/iouyap Browse- 


Restore defaults 
Apply Cancel L OK 


Figure 9-1: IOS on UNIX preferences, General settings tab 


On the General settings tab, set the path and name of your license file 
in Path to IOURC. This refers to the IOU license file you created earlier. 
Also, set the file path to your iouyap file in Path to iouyap, typically /usr/ 
local/bin/iouyap. Next, go to the Server settings tab, shown in Figure 9-2. 

Select the Always use the local server (Linux only) checkbox so that 
IOU uses the local PC for GNS3 and IOU integration. Then, go to the 
Advanced settings tab, shown in Figure 9-3. 

Each IOU device is assigned a unique console port number within the 
defined range. Don’t change these values unless the range conflicts with 
other IP-based applications running on your PC; the same is true for the 
UDP tunneling port range. UDP ports are used to set up network communi¬ 
cation between IOU and other GNS3 devices. 
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GNS3 server 
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* Dynamlps 

IOS routers 

* IOS on UNIX 

IOU devices 

* VirtualBox 

VirtualBox VMs 
' QEMU 

QEMU VMS 


[ IOS on UNIX preferences 

General settings Server settings Advanced settings 



Restore defaults 


Apply I Cancel OK 


Figure 9-2: IOS on UNIX preferences, Server settings tab 
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GNS3 server 
Packet capture 
VPCS 

* Dynamlps 

IOS routers 

* IOS on UNIX 

IOU devices 

* VirtualBox 

VirtualBox VMs 
'QEMU 

QEMU VMS 


[ IOS on UNIX preferences 

General settings Server settings Advanced settings 

Console port range 

[4001 tcp ; to [4500 tcp ; 


UDP tunneling port range 

30001 UDP ; to 3SOOOUDP ; 


Restore defaults 


Apply I Cancel OK 


Figure 9-3: IOS on UNIX preferences, Advanced settings tab 


Cisco IOS on Unix and NX-OSv 157 



Finally, expand IOS on UNIX in the left menu of the Preferences win¬ 
dow to display the IOU devices section, shown in Figure 9-4. Front here, you 
can add one or more IOU image hies to GNS3. 


O ® Preferences 


General 

| IOU devices preferences 

GNS3 server 


Packet capture 

IOU L2 ’General 


Cloud 

“ Name: 

IOU_L2 

VPCS 

Server: 

local 

► Dynamips 

Image: 

i86bi*li nux-l2-adventerprisek9-l 5.1 a.bin 

"IOS on UNIX 

Initial config: 

/home/jneumann/.python-eggs/gns3_gui-l.2.devi-p 


RAM: 

default 

► VirtualBox 

NVRAM: 

default 

► QEMU 

» Network 



Ethernet adapters: 2 (8 interfaces) 


Serial adapters: 

2 (8 interfaces) 


New Edit Delete 


Apply 


Cancel OK 


Figure 9-4: Adding IOU images to GNS3 


To add an IOU image hie to GNS3, click the New button to start the 
New IOU device wizard, shown in Figure 9-5. 


O New IOU device 


Name and Image 

Please choose a descriptive name for the new IOU device 
and add an IOU image. 

Name: | IOU_L2 

IOU image: s/lOU/i86bMinux-(2*adventerprisek9*l 5.la.bin Browse- 
Type: L2 image _ z_ 



idrrPii 


Cancel 


Figure 9-5: New IOU device wizard 
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Enter a name for your new device ( I0U_L2 in this example); then click 
the Browse button to locate and select your lOU image hie. When you’re 
done, click Finish to complete the wizard. Once added, your lOU image Hie 
should be copied to your GNS3 user directory under GNS3/images/10U. 

To configure an IOU device, drag an IOU device icon from the Devices 
toolbar to your workspace. Right-click the device and choose Configure to 
open the Node configurator (shown in Figure 9-6). 


IOU1 



Figure 9-6: IOU Node configurator 


The options on the General settings tab allow you to rename your 
device and change the IOU image file, console port number, and default 
RAM and NVRAM values. 

You can change the number of Ethernet and serial adapters installed by 
adjusting the values on the Network tab. The default is two of each adapter, 
but they provide four interfaces each, giving you a total of eight Ethernet 
and eight serial interfaces. This should be plenty for most projects, but you 
can easily adjust the quantity to meet your needs. The total combined num¬ 
ber of adapters (Ethernet and serial) can’t exceed 16, for a total of 64 inter¬ 
faces per IOU device. 

An IOU device can be linked to any other GNS3 device, just as you 
would a standard Dynamips router or switch. You can even hot-link them 
to devices, meaning links can be formed between the devices after they’re 
started. 

To export an IOU configuration, enter copy running-config unix:initial 
-config.cfg from the IOU console and then right-click the IOU device in 
your workspace and select Export config. You will then be prompted for 
a filename and location, where the file will be saved. You can import a 
configuration by selecting Import config instead. 

If you want to run IOU in Windows or OS X, read the next section. 

If not, you can skip ahead to “NX-OSv” on page 168. 


Cisco IOS on Unix and NX-OSv 159 



Using the GNS3 IOU Virtual Machine on Windows and OS X 

As I mentioned in “Things to Know Before Installing IOU” on page 153, 
Windows and OS X systems can run IOU only using a Linux virtual 
machine. If you haven’t done so already, download and install VirtualBox 
{https://www.virtualbox.org/). Accepting the default installation settings 
should provide everything you need for running an IOU virtual machine. 

After installing VirtualBox, visit the GNS3 website {http://www.gns3.com/) 
and download the OVA Hie named GNS3 IOU VM.ova. This is a Linux vir¬ 
tual machine that’s been preconfigured with all the tools you need to run 
IOU, but it doesn’t include any IOU image files. Instead, it provides a web- 
based utility that allows you to easily upload your image files to the appli¬ 
ance, but you’ll need to import the appliance into VirtualBox before you 
can use it. 

Importing the GNS3 IOU Virtual Machine into VirtualBox 

Start by launching the VirtualBox application. After the application loads, 
select File ► Import Appliance. You should be presented with the Import 
Virtual Appliance dialog, shown in Figure 9-7. 


Import Virtual Appliance 

Appliance to import 

VirtualBox currently supports importing appliances saved in the Open 
Virtualization Format (OVF). To continue, select the file to import below. 

C:\Users\jneumanndownloads\GNS3 IOU VM.ova £3 


Hide Description Next Cancel 

Figure 9-7: Select the virtual appliance. 

Use the browse icon to locate and select the GNS3 IOU VM.ova file. 

In Figure 9-7, my virtual machine is located in my Downloads directory, 
C:\Users\jneumann\Downloads. Once you select the file, click Next and verify 
the appliance settings. They should look similar to Figure 9-8. 
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(?) Import Virtual Appliance 


Appliance settings 

These are the vrtual machnes contained r the applance and the suggested 
settings of the mported VrtuaBox machnes. You can change many of the 
properties shown by double-ckking on the items and dsable others usrvg the 
checkboxes below. 


Description 

Configuration 

A 


Virtual System 1 




& Name 

GNS3 IOU VM 



^ Description 

VM for GNS3 (development) 



§ Guest OS Type 

J3 Debian (32 bit) 



Q cpu 

1 



I RAM 

2048 M8 



© DVD 

a 

V 



I I Renibafcze the MAC adckess of al network cards 


npfat Imnnrt C ;w*»l 



Figure 9-8: Virtual Appliance settings 


You should be able to accept the suggested appliance settings. Notice 
that the default RAM setting is 2048MB. I’ve found that the RAM can be 
reduced to 1024MB if you’re using only a couple of lOU devices in your 
projects. Doing so reduces the overall amount of memory used in your PC 
and may help GNS3 perform better if you’re strapped for resources. If 
you’re unsure, then just accept the defaults and click Import to complete 
the import. You can always modify the settings later. 

After importing the virtual machine, click Settings and then click 
Network to access the Network pane, shown in Figure 9-9. 


© 


GNS3 IOU VM - Settings 


? 


W General 
[ jj System 
111 Display 
^ Storage 
^ Audio 
[•? Network 
^ Serial Ports 
& US8 

(2 Shared Folders 


Network 

Adapter 1 ' Adapter 2 | Adapter 3 | Adapter 4 _ 

@ Enable Network Adapter 

Attached to: Bridged Adapter ▼ 

Name: Intel(R) 8257-1. Gigabit Network Connection 
^ Advanced 


Help 


Figure 9-9: Bridge the network adapter to your PC. 
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From the Adapter 1 tab, select the Enable Network Adapter option. 
Then, choose Bridged Adapter next to the Attached to held. When you’re 
finished, click OK. This bridges your virtual machine’s Ethernet adapter 
to your PC and allows it to access the Internet so you can install additional 
packages, if needed. 

Uploading IOU Image Files 

Now that you’ve imported the GNS3 IOU virtual machine, you should be able 
to run the virtual machine and upload your IOU image hies. To power on the 
virtual machine, select GNS3 IOU VM, as in Figure 9-10, and click Start. 

Oracle VM VirtualBox Manager - ° 

(■J Detafc ] (&J Snapshots 

General © Preview 

Ooeratng System: Ceba~ 22 bit) 

jj System 

BaseMenwy: 1024 MB 
Boot Order: CDJDVD, Hard Disk 
Acceleration: PA E/NX 


M ““Plov 

Video Memory: 12 MB 

Remote Desktop Server: Disabled 
Video Capture: Disabled 

(£) Storage 

Controler: IDE 

IDE Secondary Master: [CDA>VD] Empty 
Controler: SATA 

SATA Port 0: GNS3 IOU VM-dtskl.vmdk formal, 2.00 G8) 

Audio 

Disabled 

-mp Network v 

Figure 9-10: Select and start your CNS3 IOU virtual machine. 

It’s normal for the virtual machine to take a minute or two to start 
because it’s booting a fully functional Linux OS. After the virtual machine 
is up and running, a console message similar to the following should be 
displayed on the screen: 


GNS3IOU VM 


9 


O 0 ❖ 

New Settings Start 



Welcome to GNS3 IOU appliance 

Use 172.16.231.204 to configure a remote server in GNS3 Preferences 

Use your browser with http://l72.l6. 231 . 204 :8000/upload to upload I0S images 

gns3-iouvm login: 
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NOTE 


Notice that the screen instructs you to use your PC’s web browser to 
upload IOU image hies to the appliance. For this to work, your PC and the 
GNS3 IOU virtual machine must each have an IP address assigned from 
your local network. In this example, my virtual machine’s IP address is 
172.16.231.204. 

Sometimes the IOU virtual machine may not display the IP address. In that case, 
log on to the virtual machine using the username root and the password cisco. 
Then enter ifconfig etho to display the IP address of your virtual machine’s Ethernet 
interface. 

To upload an IOU image hie, open your web browser and browse to 
the IP address, using port 8000 as instructed. After entering the URL 
(http://172.16.231.204:8000/uploadin this example), you should be pre¬ 
sented with a web page like the one in Figure 9-11. 

- D I 

GNS3 Server X ) + 

4 1 172-16.231204:8000 / upload t C ] 10 ’ Ccogle fi & (S ♦ ft = 

Select & Upload an image for GNS3 

Ffle path Browse. No file selected 
Fie type. IOU_v 

Upload 

Files on 172.16.231.204:8000 

TKrmegns3’GNS3 Images TOU186bi-limix-l2-5)basek9-15. lg bin 
home gns3 '.iourc 

Powered by GNS3 

Figure 9-11: Select and upload your IOU image files. 

Use the Browse... button to select an IOU image hie from your PC. 
Once selected, click upload to complete the process. Repeat this step for 
each image you want to use with GNS3 and your IOU license hie. Images 
are stored on the IOU virtual machine under /home/gns3/GNS3/images, and 
the path is displayed on the web page for later reference. You’ll need this 
information when you configure your IOU images in GNS3, so it’s a good 
idea to highlight and copy the full path and filename now. That way, you 
won’t have to type it later. 

Configuring GNS3 for iOU 

Now that IOU is ready, you just have to prepare GNS3. First, create a plain¬ 
text license hie on your PC using the hostname gns3-iouvm, as in the follow¬ 
ing example. Replace 1234567812345678 with your license number. 
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[license] 

gns3-iouvm = 1234567812345678 

A common name that’s often used for the IOU license Hie is .iourc, but 
you can use any name that makes sense to you (for example, you might call 
it iou-license.txt), and the license file can be stored anywhere on your system. 

After you’ve created the license file, you’re ready to configure the GNS3 
preferences for IOU. Launch GNS3, select Edit ► Preferences on Windows 
or GNS3 ► Preferences on OS X, and select GNS3 server, as shown in 
Figure 9-12. 



Figure 9-12: CNS3 server preferences, Remote servers tab 

Select the Remote servers tab. Under Host O enter the IP address of 
your GNS3 IOU virtual machine, click Add, and then click Apply. In this 
example, the IP address of my GNS3 IOU virtual machine is 172.16.231.204. 

Next, tell GNS3 where to find the IOU license file. Click IOS on UNIX 
from the pane on the left and select the General settings tab, shown in 
Figure 9-13. 

Click the Browse... button to the right of the Path to IOURC field to 
locate your license file. Select the file and then click Add and Apply. In 
this example, the path to my license file is C:\Users\jneumann\GNS3\iourc 
_license.txt. 
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Figure 9-13: IOS on UNIX preferences, General settings tab 

Next, expand IOS on UNIX in the pane on the left to display IOU 
devices, as shown in Figure 9-14. 

The final configuration step is to add the path to an IOU image hie. 
Select the IOS devices preference and click New to start the wizard. Under 
Server type, make sure there’s a check next to Remote and click Next. A 
message about choosing a path to your image should appear; click OK, and 
you should see the New IOU device window, shown in Figure 9-15. 

Enter a name for your IOU device ( I0U_L2 , for example) and then 
enter the IOU image path. Because IOU images are installed on the Linux 
virtual machine, you'll have to enter the “Linux pathname” to your image 
hie. That path is /home/gns3/GNS3/images/<image_name>. In this example 
I've entered /home/gns3/GNS3/images/i86bi-linux-l2-adventerprisek9-15.1a.bin. 
You can hnd this information on the IOU web page that you used to upload 
your image hies (refer to Figure 9-11). Be careful to enter the path and 
filename correctly; otherwise, IOU won’t work. I recommend copying and 
pasting the information directly from the IOU virtual machine web page to 
avoid any confusion. 
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* General 

Name: 

Server: 

Image: 

Initial config: 

RAM: 

NVRAM: 
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default 
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Apply 


Figure 9-14: IOU devices preferences 


£ New IOU device template 

Name and imaoe 

Please dwose a desup'jve name for the new IOU device and add an IOU image. 


Name: IOUJ.2 


IOU image: /t>ome/GNS3/<rs3Maaes/l86C<-rxjx^2HDbasek9-15. fcj.bm 

Browse... 

Type: L 2 image 

- 



< Back fineh Cancel 


Figure 9-15: New IOU device window 

When you’re finished, click Finish to close the wizard and then click 
Apply and OK to complete the configuration. Once you’ve added an IOU 
image, you’re ready to start using IOU devices in your projects. 
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If you upgrade GNS3 to a new version, you also have to upgrade the 
server on your GNS3 IOU virtual machine to the same version, or it won’t 
work. To upgrade the server, log on to the GNS3 IOU virtual machine and 
enter the following commands, replacing version with your version of GNS3: 


Login: root 
Password: cisco 

# pip3 install gns3-server==version 


IOU in Action 

Now let’s create a simple project that allows an IOU switch to route 
TCP/IP traffic between two VLANs. Start by creating the project shown 
in Figure 9-16. 


R1 


VLAN 10 
192.168.1.100 


VLAN20 

192.168.2.100 



192.168.1.1 

192.168.2.1 


Figure 9-16: VLAN routing using an IOU switch 


In this project, you’ll configure an IOU L2 switch with two VLANs 
(VLAN 10 and VLAN 20). Then you’ll assign router R1 to VLAN 10 
and router R2 to VLAN 20. In this lab, the IOU switch will route packets 
between the two VLANs so that R1 and R2 can ping each other. Start by 
configuring the IOUf switch as follows: 


I0U1# configure terminal 
© IOUl(config)# ip routing 
© IOUl(config)# vlan 10 
IOUl(config-vlan)# vlan 20 
© IOUl(config-vlan)# interface vlan 10 
0 IOUl(config-if)# ip address 192.168.1.1 255.255.255.0 
© IOUl(config-if)# no shutdown 

IOUl(config-if)# interface vlan 20 
IOUl(config-if)# ip address 192.168.2.1 255.255.255.0 
IOUl(config-if)# no shutdown 
© IOUl(config)# interface Ethernet 0/0 
© IOUl(config-if)# switchport mode access 
© IOUl(config-if)# switchport access vlan 10 
IOUl(config-if)# no shutdown 
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IOUl(config-if)# interface Ethernet 0/1 
IOUl(config-if)# switchport mode access 
IOUl(config-if)# switchport access vlan 20 
IOUl(config-if)# no shutdown 


Enable IP routing O and then create the two VLANs (10 and 20) using 
the vlan command ©. Next, create a switched virtual interface (SVI) © for 
each VLAN and assign each SVI an IP address ©. Use the no shutdown com¬ 
mand © to bring up the interface. Now go under the physical interfaces © 
that are connected to R1 and R2, make them access ports ©, and assign 
them to the appropriate VLAN ©. 

Next, configure an IP address on router Rl. 


Rl(config)# interface fo/o 

Rl(config-if)# ip address 192.168.1.100 255.255.255.0 
Rl(config-if)# no shutdown 

Ri(config-if)# ip route o.o.o.o o.o.o.o 192.168.1.1 


After assigning the IP address to F0/0 on Rl, set the default gateway 
address to 192.168.1.1 so that the router will use IOU1 for its gateway. 
Finally, configure R2 in a similar manner. 


R2(config)# interface fo/o 

R2(config-if)# ip address 192 .168.2.100 255.255.255.0 

R2(config-if)# no shutdown 

R2(config-if)# ip route o.o.o.o o.o.o.o 192.168.2.1 


After configuring the project, you can test VLAN routing using the ping 
command. Router Rl should be able to ping router R2 through the IOU1 
switch, as in the following: 


Rl# ping 192.168.2.100 

Type escape sequence to abort. 

Sending 5, 100-byte ICMP Echos to 192.168.1.100, timeout is 2 seconds: 

!! 111 

Success rate is 100 percent (5/5), round-trip min/avg/max = 16/24/32 ms 


That’s all it takes to get IOU devices up and running with GNS3. Now 
let’s take a look at Cisco’s newest operating system, NX-OS. 


NX-OSv 


Cisco NX-OS runs on a data-center class of switches known as Nexus. Though 
similar to IOS, NX-OS is not IOS and uses a different set of configura¬ 
tion commands. NX-OSv, sometimes called Titanium, is a Linux virtual 
machine that runs an NX-OS simulator using virtualization software, like 
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VirtualBox. NX-OSv is not a complete OS simulation, and it’s missing a lot 
of functionality. It provides just enough features and commands to give you 
a feel for how NX-OS works, and it can be networked to GNS3 devices. After 
you’ve acquired an NX-OSv image, make a copy and keep it in a safe place 
in case your working copy gets corrupted in some way. 

Create a directory for NX-OSv under your GNS3 directory and copy 
the NX-OSv image hie there. You should have a Hie named N7K.vmdk. Your 
filename may be different depending on your version of NX-OSv. With your 
image Hie in place, it’s time to get NX-OSv wired up in VirtualBox. 


Importing NX-OSv into VirtualBox 

NX-OSv usually comes ready to run in the form of a single virtual machine 
hard disk file (.vmdk file), and you can run it using VMware, VirtualBox, 
or QEMU. VirtualBox is free and runs NX-OSv reliably, even on PCs with 
older processors such as the Core 2 Duo, so I'll cover VirtualBox here. 
Configuration consists of importing the hard disk image file into a custom 
Linux virtual machine and adjusting a couple of settings. If you don’t have 
VirtualBox installed on your PC, download and install it now. 

Launch VirtualBox and click New to create a new virtual machine. 
You should be presented with the Create Virtual Machine wizard, shown in 
Figure 9-17. 


Create Virtual Machine 



Name and operating system 


Please choose a descriptive name for the new virtual 
machine and select the type of operating system you 
intend to install on it The name you choose will be used 
throughout VirtualBox to identify this machine. 


NX-OSV 

Linux 


C 

Other Linux (64-bit) 

_cj 



Hide Description < Back 


Cancel 


Figure 9-17: Create Virtual Machine wizard, Name and 
operating system window 


Enter a name for the device, set Type to Linux and Version to Other 
Linux (64-bit), and then click Next to continue. You should be presented 
with the Memory size window, shown in Figure 9-18. 

To adjust the memory size, use the slider or enter the amount in the 
field provided. NX-OSv runs best with 2048MB of RAM. When you’re done, 
click Next to configure the hard drive settings, shown in Figure 9-19. 
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^ Create Virtual Machine 


C 


Memory size 

Select the amount of memory (RAM) In megabyte* to 
be allocated to the virtual machine. 

The recommended memory sile is 2 SO MB. 

0 | ?Q4s| ; MB 

4 MB 4096 MB 


< Back Next > Cancel 

Figure 9-18: Create Virtual Machine wizard, 
Memory size window 



Machine 


Hard drive 

If you wish you can add a virtual hard drive to the new 
machine. You can either create a new hard drive file or 
select one from the list or from another location using 
the folder icon. 

if you need a more complex storage set-up you can skip 
this step and make the changes to the machine settings 
once the machine is created. 

The recommended size of the hard drive is 8.00 OB. 

O Do not add a virtual hard drive 
O Create a virtual hard drive now 
9 Use an existing virtual hard drive file 

N7K.vmdk (Normal, 4.00 CB) ; G3 

< Back ^ Create Cancel 


Figure 9-19: Create Virtual Machine wizard, Hard drive window 

To attach the NX-OS virtual hard drive to your virtual machine, select 
Use an existing virtual hard drive file and click the browse icon to locate 
your NX-OSv .vmdk file. Select the file and click Create to finish creating 
the virtual machine. 

Configuring GNS3 for NX-OSv 

Start GNS3 and add the NX-OSv virtual machine to your virtual 
machine library. Select Edit ► Preferences and expand VirtualBox to 
show VirtualBox virtual machines, as shown in Figure 9-20. From here 
you can add VirtualBox virtual machines to GNS3, which is the last 
step before you can use NX-OSv. 


Create Virtual 
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GNS3 server 
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Adapters: 
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0 
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New _Edit Delete 


Apply 


Cancel 


Figure 9-20: Adding the NX-OSv VirtualBox virtual machine to CNS3 


Click New to start the VirtualBox wizard, select your NX-OSv virtual 
machine from the virtual machine name drop-down menu, and click 
Finish. Now click Edit and navigate to the General settings tab. Select the 
Enable remote console and Start VM in headless mode boxes and click 
Apply. Under the Network tab, change the number of interfaces from 1 to 
6, and click Apply to close the window. Then click Apply and OK to com¬ 
plete the installation. To use a NX-OSv virtual machine in your projects, 
drag your NX-OSv virtual machine from the End devices toolbar to your 
workspace. 


NX-OSv in Action 

Now that you have the NX-OSv device added to GNS3, let’s use it in a proj¬ 
ect. Create a topology that includes one NX-OSv device and one IOS router, 
as shown in Figure 9-21. This project will advertise all 172.16.0.0 networks 
from R1 to NX-OSv using Cisco EIGRP. 
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lol: 172.16.1.1 
lo2: 172.16.2.1 
lo3: 172.16.3.1 


R1 


10.1.1.0/24 


NX-OSv 



el / \ 


Figure 9-21: Simple topology using NX-OSv 


After you create the project, start all your devices and open a console 
connection to NX-OSv. NX-OS running on a PC takes a long time to boot 
and often hangs for a minute at the SCSI disk detected message, displayed in 
Figure 9-22. This is normal, so be patient while it starts. 


0'' m NX-OSv 

Auto booting bootflash:/titanium-dl-kickstart.7.0.l.ZD-0.216.bin bootflash:/tit 
anium-dl.7.0.1.ZD.0.216.bin... 

Booting kickstart image: bootflash:/titanium-dl-kickstart.7.0.1.ZD.0.216.bin... 


.Image verification OK 

[ 0.000000] Unknown boot option 'ide_generic.probe_mask=Ox0': ignoring 

INIT; version 2.86 booting 
SCSI disk detected. 


Figure 9-22: Booting NX-OSv 


If you don’t see the boot messages, you may have misconhgured 
something. Go back and check all your settings in VirtualBox and GNS3. 

If you continue to have problems, there may be something wrong with your 
N7K.vmdk image hie. 

After the system starts, you should be presented with a login prompt, 
like the one shown here: 


User Access verification 
vNX-OS-01 login: 


The default login and password should be admin and admin. Use these 
credentials to log on to NX-OSv. This is a good time to enter a few com¬ 
mands. I would start with show run, show version, and show interface brief, 
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but you can try any IOS commands you’re familiar with. Some will be the 
same on NX-OS; others will not. You can use the question mark (?) to dis¬ 
play a complete list. 

Now that you’ve taken a peek at NX-OSv, you can configure your project. 
First, you’ll configure router Rl. Open a console on router R1 and enter the 
following commands to configure all the IP addresses for the project: 


Rl# configure terminal 
Rl(config)# interface fo/o 
Rl(config-if)# no shutdown 

Rl(config-if)# ip address 10.1.1.1 255.255.255.0 
Rl(config-if)# interface loopbackl 
Rl(config-if)# ip address 172.16.1.1 255.255.255.0 
Rl(config-if)# interface loopback2 
Rl(config-if)# ip address 172.16.2.1 255.255.255.0 
Rl(config-if)# interface loopback3 
Rl(config-if)# ip address 172.16.3.1 255.255.255.0 


Next, enable EIGRP and advertise all the IP networks. 


Rl(config-if)# router eigrp 10 
Rl(config-router)# no auto-summary 
Rl(config-router)# network 10.0.0.0 
Rl(config-router)# network 172.16.0.0 


Now log on to NX-OSv and configure an IP address from the same sub¬ 
net as Rl’s interface f0/0. 


vNX-0S-0l# configure terminal 
vNX-OS-Ol(config)# interface ethernet 2/1 
vNX-OS-Ol(config-if)# ip address 10.1.1.2/24 
vNX-OS-Ol(config-if)# no shutdown 


The first thing you should notice is that NX-OS only accepts IP 
addresses using CIDR notation, so here, the subnet mask is entered as 
/24 and not 255.255.255.0 as commonly used in IOS. Now use the ping com¬ 
mand to test connectivity from NX-OSv to router Rl and exit to configura¬ 
tion mode. 


vNX-OS-Ol(config-if)# do ping 10.1.1.1 
PING 192.168.1.1 (llO.l.l.l): 56 data bytes 
64 bytes from 10.1.1.1: icmp_seq=0 ttl=254 time=l9.494 ms 

64 bytes from 10.1.1.1: icmp_seq=l ttl=254 time=7.849 ms 

64 bytes from 10.1.1.1: icmp_seq=2 ttl=254 time=7.5ll ms 

64 bytes from 10.1.1.1: icmp_seq=3 ttl=254 time=20.637 ms 

64 bytes from 10 . 1 . 1 . 1 : icmp_seq=4 ttl=254 time=8.524 ms 

— 10.1.1.1 ping statistics — 

5 packets transmitted, 5 packets received, 0.00% packet loss 
round-trip min/avg/max = 7.511/12.803/20.637 ms 
vNX-OS-Ol(config-if)# exit 
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Now let’s configure NX-OSv so that it can exchange EIGRP advertised 
routes with router Rl. Note that NX-OS allows you to run EIGRP only for a 
grace period of 120 days, unless you have a feature license. Enter the license 
grace-period command to start the grace period. 


vNX-OS-Ol(config)# license grace-period 
vNX-OS-Ol(config)# feature eigrp 
vNX-OS-Ol(config)# router eigrp 10 
vNX-OS-Ol(config)# network 10.0.0.0/8 
vNX-OS-Ol(config)# exit 


You can verify that routes from Rl are being advertised to NX-OSv 
using the show ip route command. 


vNX-OS-01# show ip route 
IP Route Table for VRF "default" 

'*' denotes best ucast next-hop 
'**' denotes best mcast next-hop 
'[x/y]' denotes [preference/metric] 

'%<string>' in via output denotes VRF <string> 

10.1.1.0/24, ubest/mbest: 1/0, attached 

*via 10.1.1.2, Eth2/l, [o/o], 00:49:54, direct 
10.1.1.2/32, ubest/mbest: 1/0, attached 

*via 10.1.1.2, Eth2/l, [0/0], 00:49:54, local 
172.16.1.0/24, ubest/mbest: 1/0 

*via 10.1.1.1, Eth2/l, [90/130816], 00:32:04, eigrp-10, internal 
172.16.2.0/24, ubest/mbest: 1/0 

*via 10.1.1.1, Eth2/l, [90/130816], 00:32:04, eigrp-10, internal 
172.16.3.0/24, ubest/mbest: 1/0 

*via 10.1.1.1, Eth2/l, [90/130816], 00:32:04, eigrp-10, internal 


In the previous lines, notice that the output from this command is dif¬ 
ferent from IOS, but all the pertinent information is there. In this example, 
all of the 172.16.0.0 routes have been advertised from Rl to NX-OSv via 
EIGRP, so you should be able to ping any of those addresses. Try that now. 


NX-OSv-01# ping 172.16.2.1 

PING 172.16.2.1 (172.16.2.1): 56 data bytes 

64 bytes from 172 .16.2.1: icmp_seq=0 ttl=254 time=20 ms 

64 bytes from 172 .16.2.1: icmp_seq=l ttl=254 time=l0 ms 

64 bytes from 172 .16.2.1: icmp_seq=2 ttl=254 time=20 ms 

64 bytes from 172 . 16 . 2 . 1 : icmp_seq=3 ttl=254 time=l 0 ms 

64 bytes from 172 . 16 . 2 . 1 : icmp_seq=4 ttl=254 time =20 ms 

— 172.16.2.1 ping statistics — 

5 packets transmitted, 5 packets received, 0.00% packet loss 
round-trip min/avg/max = 10/16/20 ms 


Finally, save your configuration. The command itself is the same as 
IOS, but it provides different output. 
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vNX-OS-01# copy running-config startup-con-fig 

[########################################] 100 % 

Copy complete. 

vNX-OS-01# 


Now that you’ve created a simple project, you can begin experimenting 
with NX-OSv on your own. Keep in mind that some functions will definitely 
be missing. In my version, for example, none of the L2 switch functionality 
works, only layer 3 routing. Another item to be aware of is tab completion; 
it works only on some commands, so don’t assume a command doesn’t work 
just because NX-OSv doesn’t provide tab completion on the command line. 

In spite of these limitations, I still find it fun to add NX-OS devices to my 
projects, and I’m sure you will too. To learn more about Cisco Nexus and 
NX-OS, visit http://www.cisco.com/en/US/products/ps9402/index.html. 


Final Thoughts 

In this chapter, you explored IOS on Unix and learned how to leverage IOU 
to add nearly full-featured switching capabilities to GNS3 without using 
physical switches. Although not required for CCNA-level certifications, IOU 
switching is highly useful for CCNP and CCIE certifications. 

Next, you installed NX-OSv, a virtual machine that simulates a Cisco 
Nexus switch running NX-OS. NX-OSv can be networked to GNS3 devices 
using protocols such as OSPF and EIGRP, and it’s fun to play with, but it 
lacks much of the functionality you’d find using a real Nexus switch. 

In the next chapter, I’ll show you a few fun things you can do with GNS3, 
such as creating a simulated access server to manage your routers. 
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10 

COOLTHINGSTO DO 
ON A RAINY DAY 


Now that you’ve seen GNS3’s most com¬ 
monly used features, let’s explore some fun 
tricks you can do with your GNS3 projects. 
First, you’ll create a simulated Cisco access 
server that functions like its real Cisco counterpart. 

Next, I'll show you how to move your GNS3 projects from one operating 
system to another and how to copy your GNS3 virtual router configurations 
from GNS3 to real Cisco routers. Finally, you’ll look at sharing a project’s 
resource load using multiple PCs, create some nerdy labs, and simulate a 
few real network scenarios. 



Managing Devices from an Access Server 

An access server allows you to manage all network devices from a central 
console so you can concurrently log on to multiple device consoles and 
easily switch between them. It’s an efficient way to manage devices on large 
Cisco networks, and with only a little effort you can create a fully functional 
virtual Cisco access server (sometimes called a terminal or comm server) to 


manage your GNS3 devices. I find that using a virtual access server is a fast 
way to manage and configure devices in GNS3, and you can also do it to 
learn the commands and keystrokes of a real access server. 

A GNS3 virtual access server has two components. The first is a Cloud 
node configured with a virtual interface; you’ll use a Loopback Adapter 
driver in Windows and a TAP adapter in Linux. The second is a Cisco 
Dynamips router that acts as the management console. Configuring the 
virtual access server itself varies slightly depending on your operating sys¬ 
tem. I'll cover Windows and Ubuntu Linux, but the concepts apply to other 
Linux operating systems. Unfortunately, OS X is not supported at the time 
of writing. 

Installing the Virtual Interface 

Whether you use Windows or Linux, you’ll need to install a virtual network 
adapter and assign it an IP address. On Windows, you’ll install a Loopback 
Adapter driver, and on Unix-based systems like Linux, you’ll install a TAP 
driver. If you’re a Linux user, you can skip to “Configuring a TAP Adapter 
in Linux” on page 179. 

Configuring a Loopback Adapter in Windows 

If you haven’t done so already, install the Microsoft Loopback Adapter 
driver. (Refer to “Using a Loopback Adapter on Windows” on page 106.) 
After you’ve installed the adapter, assign it an IP address. The IP address 
and subnet mask you choose must be unique from any network adapters 
already configured on your PC and from any IP addresses that you plan to 
use in your GNS3 network topology. 

To configure the adapter, open the Windows Control Panel and select 
Network and Sharing Center. Next, select Change Adapter Settings to dis¬ 
play a list of available adapters, as shown in Figure 10-1. 



Figure 10-1: Selecting Properties to configure the Microsoft Loopback Adapter driver 
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Right-click the Microsoft 
Loopback Adapter driver and 
select Properties. From the 
Properties window, select Internet 
Protocol Version 4 (TCP/IPv4) 
and then click the Properties 
button to display the IP address 
settings, shown in Figure 10-2. 

Select Use the following IP 
address and enter a unique IP 
address and subnet mask. I’ve 
chosen 9.9.9.9 and 255.255.255.0, 
but any address and mask will 
work, as long as they’re unique 
from any addresses assigned to 
any Ethernet adapters in your 
PC, and from any addresses that 
you plan to use in your GNS3 
network topology. There’s no 
need to include a default gate¬ 
way address or provide any DNS 
servers because they won’t be used by the access server. When you’re fin¬ 
ished, click OK to complete the configuration. Now close any open windows 
and launch GNS3. If you’re a Linux user, read on; otherwise, you can skip to 
“Preparing the GNS3 Server” on page 180. 

Configuring a TAP Adapter in Linux 

On Ubuntu Linux, you’ll use a virtual TAP adapter for the access server. 
Open a terminal and enter the following command to install the drivers: 


Internet Protocol Version 4 (TCP/IPv4) Properties ^3 

General 

You can get IP settings assigned automaticaly if you network supports 
this capabAty. Otherwise, you need to ask you network admnstrator 
for the appropriate IP settings. 

O Ob tan an IP address automaticaly 
Use the fblowvig IP address: 

IP address: 9 . 9 . 9 . 9 

Subnet mask: 255 . 255.255 . 0 

Default gateway: 

O Ob tan DNS server address automaticaly 

<§>Use the folowng DNS server address e s: 

Preferred DNS server: 

Alternate DNS server: 

□ vahtole settings i*o«i e»t Advanced... 

OK | Qcencel 

Figure 10-2: Configuring your Loopback 
Adapter driver with an IP address 


$ sudo apt-get install uml-utilities 


To enable tapO, enter the following command, replacing jneumann with 
your Linux username: 


$ sudo tunctl -u jneumann -t tapO 


Next, assign a unique IP address to the tapO interface. The IP address 
and subnet mask you choose must be unique from any network adapters 
configured on your PC and from any IP addresses that you plan to use in 
your GNS3 network topology. 


$ sudo ifconfig tapO 9.9.9.9 netmask 255.255.255.0 up 


To ensure the tapO interface maintains its IP address and is available 
after a reboot, you’ll need to change your Linux network settings. 


Cool Things to Do on a Rainy Day 179 





© © 


Open the interfaces file under /etc/networks/ in a text editor like pico or 
vi. You'll need administrator privileges to make changes to the hie, so log in 
as root or run the editor with the sudo command, as in sudo pico interfaces. 
Then, append the following to the end of the hie: 


auto tapO 

iface tapO inet static 

pre-up tunctl -t tapO 
up ifconfig tapO up 
down ifconfig tapO down 
address 9.9.9.9 
netmask 255.255.255.0 


With these commands in place, save the interfaces hie, close it, and 
reboot. When Ubuntu restarts, the TAP driver should automatically load, 
and interface tapO should be ready to use. 


WARN I NG 


Use caution when editing the /etc/networks/interfaces file. Entering a typo here 
can prevent Ubuntu from booting properly. 


Enter the ifconfig command to verify the tapO settings: 


$ ifconfig 

-~snip~- 

tapo Link encap:Ethernet HWaddr l6:8l:25:cl:cc:8c 

inet addr:9.9.9.9 Bcast:9.9.9.9.255 Mask: 255 . 255 . 255.0 
UP BROADCAST MULTICAST MTU:1500 Metric:1 
RX packets:0 errors:0 dropped:0 overruns:0 frame:0 
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 
collisions:0 txqueuelen:500 
RX bytes:0 (0.0 B) TX bytes :0 (o.o B) 


The output from ifconfig should show that the tapO adapter is enabled O 
and configured with an IP address ©. After you’ve installed and conhgured 
a virtual adapter, you’ll need to set up the GNS3 server. 

Preparing the GNS3 Server 

On Windows, run GNS3 as administrator. Begin by binding the GNS3 server 
to the IP address of your virtual interface; otherwise, your access server will 
not work. Click Edit ► Preferences and choose GNS3 server from the left 
column. Select the Host binding drop-down menu and then select the IP 
address you assigned to the virtual interface, as shown in Figure 10-3. 

In Figure 10-3, the IP address is 9.9.9.9 O. Click Apply and OK, and the 
GNS3 server should restart with the new host binding. 
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Figure 10-3: Changing the CNS3 server host binding 

Creating a Virtual Access Server in GNS3 

With your GNS3 server bound to the virtual adapter’s IP address, you can 
create the virtual access server. The access server is created using two 
devices: a Cloud node and a Dynamips IOS router. 

Configuring the Cloud Node 

Begin a project by adding a Cloud node to your workspace. Right-click the 
Cloud node and select Configure. If you’re running Windows, select the 
NIO Ethernet tab (shown in Figure 10-4). 

Click the drop-down menu under Generic Ethernet NIO and select 
your Microsoft Loopback Adapter driver (Loopbackl in this example); 
then click Add, Apply, and OK to complete the configuration. 

If you’re running GNS3 on Ubuntu Linux, configure the Cloud node 
using tapO. Instead of NIO Ethernet, select the NIO TAP tab and enter 
tapO in the TAP interface field, as in Figure 10-5. 
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Node configurator 


* Cloud group 
Cloud 1 


Cloud 1 configuration 


NIOEtneme! MOUOP MIOTAP NtOlMX NIOVDE WONLLl ► 
Generic Ethernet NIO (Admrxstrator or root access figured) 


loocbackl 



LoocbadU 

Add 


nio_gen_eth:loopba<k1 




Unux Ethernet WO (Lrux only, root access requred) 
QhemeV) 

Ethemett I Aon 


Reset 


OK Cancel Appty 


Figure 10-4: Configuring the Cloud node with a Loopback Adapter 
driver in Windows 


0 r Node configurator 

T Cloud group 

Cloud 1 

Cloud 1 configuration 


NIO Ethernet NIOUDP NIO TAP NIO UNIX NIOVDE Nl « », 


TAP Interface (require root access) 

tico Add Delete 


mo_tap:tapO 




Reset | Appty | Caned [ | OK 


Figure 10-5: Configuring NIO TAP with tapO on Ubuntu Linux 

When you’re finished, click Add, Apply, and OK to complete the Cloud 
node configuration. 

Configuring the Access Server Router 

After configuring the Cloud node, add a Dynamips router to your work¬ 
space and create a link from the router to the Cloud node. Together, these 
two devices comprise the virtual access server, shown in Figure 10-6. They 
will not be linked to any other devices in your GNS3 project. 
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Cloud 1 


R1 


Access Server 
Figure 10-6: Virtual access server 

After linking the virtual access server components together, add more 
routers to your workspace to create a simple three-router network, as shown 
in Figure 10-7. This is the network topology that will be managed using the 
virtual access server. 




R3 



Figure 10-7 shows that you have created a virtual access server using 
router R1 and a Cloud node (Cloud 1), and you have created a network 
topology that’s made up of three routers, named R2, R3, and R4. 

Now that you’ve created both the access server and a GNS3 network 
topology, you can configure the access server router. Assign router R1 an 
IP address from the same network as your PC’s virtual adapter, and test 
connectivity from R1 to the virtual adapter interface. For example, if you 
assigned the virtual adapter the IP address 9.9.9.9 255.255.255.0 as I have, 
you could assign the access server router R1 any IP address in that network 
range. I use the IP address 9.9.9.8 and the subnet mask 255.255.255.0. 

To configure the address on interface f0/0, open a console connection 
to router R1 and enter the following commands: 


Rl>enable 

Reconfigure terminal 
Rl(config)#interface fO/O 

Rl(config-if)#ip address 9.9.9.8 255.255.255.0 

Rl(config-if)#no shutdown 

Rl(config-if)#exit 

Rl(config)#exit 

Rl#ping 9.9.9.9 
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Type escape sequence to abort. 

Sending 5, 100-byte ICMP Echos to 9.9.9.9, timeout is 2 seconds: 

! ] 111 

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms 


In this configuration, router Rl’s interface f0/0 is linked to the Cloud 
node and configured with IP address 9.9.9.8 255.255.255.0. Test the con¬ 
nection between R1 and the virtual interface using a ping command. If the 
ping test is successful, you’re ready to move on. If the ping test is unsuccess¬ 
ful, verify that all your interfaces are enabled and that the virtual interface 
(loopback or TAP) is configured with the proper IP address and subnet mask. 

Configuring a Cisco IP Hostname Table 

After configuring an IP address on the virtual access server (Rl), you’re 
ready to configure an IP hostname table using information gathered from 
the devices that the access server will manage. In this project, the devices 
are routers R2, R3, and R4. Using Cisco IOS commands, you’ll create an IP 
hostname table using the IP address of the virtual interface (9.9.9.9) and 
the console port numbers that GNS3 has assigned to the routers used in 
your network topology. A Cisco IP hostname table works much like a Unix 
hosts hie, except that you’ll also include port numbers in the table. You’ll 
create an entry for each device in the topology that you want to manage. 

Begin by finding the console port numbers for routers that the access 
server will manage. In this project, you’re interested only in the console 
port numbers for routers R2, R3, and R4. You can quickly find any device’s 
console port number by hovering your mouse over the device, as shown in 
Figure 10-8. 

R2 


Router R2 is stopped 
Node ID is 3, server's router ID is 2 

Hardware is Dynamips emulated Cisco c3725 with 128 MB RAM and 256 KB NVRAM 
Router's server runs on 9.9.9.9:8000, console is on port 2002. aux is on port 2502 
Image is c372 5-adventerprise^-mz. 124-15.T14.image 
with idlepc value of Qx60c086a8. idlemax of 500 and idlesleep of 30 ms 
No JIT blocks shanng enabled 
1 MB diskO size, 0 MB diski sue 
slot 0 hardware is GT9610O-FE with 2 ports 
FastEthernetO/O is empty 
FastEthemet0/1 is empty 


Figure 10-8: Displaying device information 


Router R2’s console is on port 2002. Because console port numbers are 
assigned sequentially as devices are added to a project, routers R2, R3, and 
R4 should have been assigned the console port numbers 2002, 2003, and 
2004, respectively. If you’re unsure, hover your mouse over each device icon 
to verify the information. 


NOTE 


If you add multiple routers at the same time, instead of one at a time, the console port 
numbers may not be assigned in sequential order. 
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To create the IP hostname table, open a console on router R1 (the 
access server) and enter the following commands: 


Rl#configure terminal 
Rl(config)#ip host R2 2002 9.9.9.9 
Rl(config)#ip host R3 2003 9.9.9.9 
Rl(config)#ip host R4 2004 9.9.9.9 

Rl(config)#exit 

Rl# 


Notice the host port numbers correspond with the unique console port 
numbers from the three routers you want to manage, but the IP address is 
always the same; it is the IP address assigned to the virtual adapter (9.9.9.9). 
That’s because when the virtual access server opens a console to one of 
the lab routers, GNS3 creates a telnet session from the access server to the 
routers using the virtual adapter’s IP address. From there, it connects to the 
individual console port number that you assigned. For example, when the 
access server opens a console connection to router R2, GNS3 telnets to IP 
address 9.9.9.9 using port number 2002. This is similar to how an actual 
Cisco access server works. 

Now, verify which hosts are configured on your virtual access server 
with the show hosts command. 


Rl>show hosts 

Default domain is not set 
Name/address lookup uses static mappings 

Codes: UN - unknown, EX - expired, OK - OK, ?? - revalidate 
temp - temporary, perm - permanent 
NA - Not Applicable None - Not defined 


Host© 

Port© Flags 

Age Type 

Address(' 

R2 

2002 

(perm, OK) 

0 

IP 

9.9.9.9 

R3 

2003 

(perm, OK) 

0 

IP 

9.9.9.9 

R4 

2004 

(perm, OK) 

1 

IP 

9.9.9.9 


This command displays the hostname O, port number ©, and IP 
address © for each host configured on the access server. 


C -\ 

VIRTUAL ACCESS SERVER LIMITATIONS 

There are limitations as to what devices can be managed by the virtual access 
server. Because the GNS3 server is bound to a virtual adapter and runs "locally" 
on your PC, the virtual access server can manage only local devices. 

On a Windows PC, you cannot manage VirtualBox virtual machines, includ¬ 
ing IOU, though you can manage QEMU devices, like Junos. On Ubuntu Linux, 
you can manage all devices, including Dynamips, IOU, QEMU, and VirtualBox, 
as long they're running locally on your Linux PC. 

V_ 
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To learn more about configuring and using a real Cisco access server, 
visit the Cisco website ( http://www.cisco.com /) and search for configuring a 
comm server. For now, you should know all you need to try your virtual access 
server. 

Seeing the Virtual Access Server in Action 

After you’ve fully configured the access server and started your project 
routers, you should be able to manage those routers using the access 
server. You can open a console connection to several routers, and easily 
switch between them. 

Opening Consoles 

Begin by opening a console connection to Rl. Right-click router R1 and 
choose Console. Next, type the name of a host you want to manage and press 
enter. The hostnames are case sensitive, so be sure to use the correct case. 


Rl>R2 

Translating "R2" 

Trying R2 (9.9.9.90, 2002©)... Open 

Connected to Dynamips VM "R2" (ID 1, type C3600) - Console port 
Press ENTER to get the prompt. 

R2>© 


In this example, I open a session with router R2 by entering R2 from the 
access server command line. The output shows that a session is established 
using IP address 9.9.9.9 O and port number 2002 ©, and the prompt © has 
changed to the router being managed (R2 in this example). After the ses¬ 
sion is open, you can configure the router as though you opened a console 
directly from GNS3. 

When you’re finished configuring the router, return to the access server 
console; just press shift-ctrl-6 and then press the X key. (Cisco calls this 
combination of actions an escape sequence .) After returning to the access 
server console, enter the name of another router in your project to open a 
console on it. Try entering R3 now, and configure the router however you’d 
like. When you’re done, use the escape sequence again to return to the 
access server. 

Even though you’re currently logged on to the access server console, 
the sessions on the other two routers remain open. To display a list of 
open sessions and their corresponding connection numbers, enter the 
show sessions command. 


Rl>show sessions 

Conn Host Address 

1 R2 9.9.9.9 

©* 2 R3 9.9.9.9 


Byte Idle Conn Name 
0 0 R2 

0 0 R3 
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You should see two active connections (1 and 2). The asterisk © next to 
Conn 2 indicates that router R3 was the last session used. To return to the 
last session, press enter. To return to a different session, type a connection 
number and press ENTER; for example, you’d enter 1 to return to router R2. 

Closing Consoles 

When you’re ready to disconnect from an open connection, enter the 
disconnect command followed by the connection number; then press ENTER 
to confirm closing the session. 


Rl>disconnect 2 

Closing connection to R3 [confirm] 
Rl> 


In this example, I’ve disconnected from router R3 (connection 2). 
After disconnecting a session, you will have to enter the hostname again to 
reconnect to the device. 

Setting Connection Timeouts 

You may want to adjust the timeout setting (via the console exec-timeout 
parameter) on your routers and access server to ensure that you’re not 
logged out automatically during idle times, such as when you’re not actively 
configuring a router. The default value is ten minutes, but it can be set 
higher, lower, or changed to infinite. 

The following commands set the console timeout to zero minutes and 
zero seconds (infinite): 


Rl>enable 

Reconfigure terminal 
Rl(config)#line console 0 
Rl(config-line)#exec-timeout 0 0 


GNS3’s default startup-config should have already done this for you, but 
know that from a security standpoint, never allowing the router to time out 
is a bad idea in production environments. It is, however, highly convenient 
in lab environments such as GNS3. 


Deploying Configurations to Real Hardware 

One of the benefits of GNS3 is that it allows you to create and test network 
configurations that can later be used on real equipment. You simply export 
a router configuration in GNS3 and load it on a real Cisco IOS router. 

Exporting GNS3 Configurations to Gsco Routers 

After thoroughly testing a router configuration inside GNS3, you’re ready 
to export it and load it on a real Cisco router. You can export all the routers 
in your project, or you can export the configuration of an individual device. 
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Before exporting a GNS3 IOS router configuration, log in to that router and 
save its running-config file to the startup-config file. The saved startup-config is 
the configuration that will be exported by GNS3. 


Rlftcopy running-config startup-config 


If you have any IOU devices in your project, you’ll need to make copies 
of their running-config files,, too. Just log in to the device and enter the fol¬ 
lowing command to create a text hie of the IOU configuration: 


I0U#copy running-config unix:initial-config.cfg 


O ° Import/Export configs 


Please choose an option: 
Export configs to a directory 
Cancel 


Figure 10-9: Import/export 
tool for configuration files 


After you’ve saved a running-config hie, you 
can export all device configurations at the same 
time by selecting File ► Import/Export device 
configs. GNS3 should then show the dialog in 
Figure 10-9. 

Select Export configs to a directory from 
the drop-down menu, click OK, browse to the 
location where you want to save your configura¬ 
tion hies, and click Open to save the configura¬ 
tions. The exported conhguration hies will be 

named after the devices in your workspace, like Rl_startup-config.cfg and 
IOUl_initial-config.cfg. For each IOS device, you’ll also see a private config 
hie that’s used only by GNS3 and contains SSH crypto keys. You don’t need 
to upload this to your real Cisco router. This export method is an all-or- 
nothing procedure that exports all the device conhgurations in your proj¬ 
ect. To export the conhguration of a single device, save the conhguration, 
right-click the device in your project, and select Export config. The saved 
hie will be named using the device name. 


Importing Cisco Router Configurations into GNS3 

Now, let’s look at how to import a live Cisco router conhguration into 
GNS3. Begin by logging on to your real Cisco router and saving its conhgu¬ 
ration to your PC, using FTP or TFTP. Use a text editor to clean up any 
interface name discrepancies. Next, append the name of the exported hie 
with .cfg to ensure that GNS3 can recognize the hie. If you haven’t done so 
already, save your GNS3 project and stop the GNS3 router that is the target 
for the import. Finally, right-click the GNS3 router and choose Import config. 
Browse to the directory where you saved the .<J^hle, and select the hie to 
import it into the router. When you restart your GNS3 router, it should load 
and run the IOS conhguration that you copied from the live Cisco router. 


NOTE 


When moving configurations back and forth between real routers and GNS3, you 
may have to perform some IOS configuration cleanup. For example, your GNS3 
router may have an interface named FastEthernet 0/0 while your real Cisco router 
has an interface named FastEthernet 0 instead. In this case, use a text editor and 
modify the file before importing it into GNS3. 
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Copying GNS3 Projects Between Platforms 

Someday you may want to have your projects run on a PC that uses a differ¬ 
ent operating system than your existing PC. If your GNS3 projects include 
only Dynamips IOS routers and switches, you can copy them between dif¬ 
ferent platforms such as Windows and Linux with minimal effort. But if 
they’re made up of other device types such as IOU, QEMU, or VirtualBox, 
the process can get complicated. Either way, moving a project between 
platforms is mostly a matter of copying one or more projects from your old 
GNS3 projects folder to the projects folder on a new PC. 

IOS-Only Projects 

If your project consists of only Dynamips routers, then almost no additional 
configuration is necessary, as long as the target computer has compatible 
image hies. If the target PC is configured with different IOS image hies or 
the images are stored in a different directory, GNS3 should prompt you to 
substitute the original image hie with one that’s already conhgured on the 
target computer, as shown in Figure 10-10. 


IOS image 


IOS image C:/Users/Jason Neumann/CNS3/images/IOS/c3725-adventerprisek9-mz.124-15.T 14.image could not be found 
Please select an alternative from your existing images: 

c372S-adventerprisek9-mz.124-15.T14.image _ ; j 

Cancel i _OIL- j 

Figure 10-10: Substituting an iOS image file 

In this example, you’re moving a project from a Windows PC to a Linux 
host. Even though the c3725-adventerprisek9-mz-l 24-15.T!4.image file is con¬ 
hgured on the Linux host in Figure 10-10, GNS3 was unable to locate it 
because Windows stores IOS image hies using a different path than Linux. 

In this case, GNS3 should display a list of conhgured IOS images and 
allow you to choose one. Use the drop-down menu to select an image and 
click OK. After selecting the image, GNS3 should update the path informa¬ 
tion in the project hie on the target PC. To make the change permanent, 
you have to save your project. All of the original IOS conhgurations should 
remain intact, and your project should run as expected. If it doesn’t, start 
again and try using a different image hie. 

Projects with IOU Devices 

Copying projects that contain IOU devices can be a bit more involved. The 
easiest method is to re-create the IOU devices in the project on the target 
PC and then upload the original IOU conhguration. Before copying the 
project to a new platform, follow these steps: 

1. Log on to each IOU device in the project and copy the running con¬ 
hguration to the unix:initial-config.cfg file. Right-click an IOU device 
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and choose Export config to save the configuration. Be sure to copy 
the exported configuration hie to the new system when you copy your 
project. 

2. Open the project on the target PC and resolve any IOS image hie sub¬ 
stitution issues (refer to Figure 10-10). 

3. On the target PC, delete the IOU device from your project, add a new 
one, and link the IOU device to other project devices using the same 
interfaces as the original project. 

To import the conhguration, follow these steps: 

1. Right-click the IOU device on the target PC and click Import config. 

2. Browse to the directory where the IOU conhguration is saved and select 
the hie. Do this for each IOU device in your project. 

3. When you’re hnished, start all the devices in your new project and verify 
that everything works as expected. Log on to each IOU device and exam¬ 
ine its conhguration. If everything looks good, save your updated project. 

Finally, let’s look at transferring projects that use VirtualBox. 

Projects with VirtualBox Devices 

If you’re using a VirtualBox device in your original project, you’ll have 
to export it to an OVA hie. Launch VirtualBox and choose File ► Export 
Appliance to save the device hie. With the OVA prepared, follow these steps: 

1. Copy the OVA hie to the new PC, launch VirtualBox, and choose 

File ► Import Appliance to import the hie. 

2. Launch GNS3 and add the VirtualBox virtual machine under 
Preferences, as discussed in “Importing Appliances” on page 51. 

3. Add the device to your GNS3 project and link it to other devices, select¬ 
ing the same interfaces that were used in the original project. 

When you start your project on the new PC, your VirtualBox devices 
should have the same conhguration they had on the old PC. 


Exploring the GNS3 Console 

The GNS3 management console provides a command line interface that 
you can use to control project devices. Based on the original Dynagen 
console that was written for Dynamips, the management console has been 
adapted and updated for GNS3. I won’t cover every aspect of the console 
here, but I will show you some more useful things you can do with it. 

By default, the management console should be visible when you launch 
GNS3. If not, select View ► Docks ► Console to display the console window. 
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From the management prompt (=>), enter help or a question mark (?) 
to see a list of commands. As you can see from the following listing, you can 
perform familiar tasks from the CLI, such as starting and stopping devices: 


=> ? 

Documented commands (type help <topic>): 

console debug help reload show start stop suspend version 

To display the details and syntax of a specific command, enter help fol¬ 
lowed by a command name, as shown here: 


=> help show 

Show detail information about every device in current lab: 
show device 

Show detail information about a device: 
show device <device_name> 

Show the whole topology: 
show run 

Show topology info of a device: 
show run <device name> 


The show command offers a lot of different options to display information 
about your hypervisors, devices, and configurations. For example, the show 
run command displays the entire contents of your project configuration hie. 

Two commands that are useful for testing networks are suspend and 
start. Together they can be used to simulate a router failure and recovery. 
Another helpful command is the debug command. It can provide useful 
information when a project isn’t running properly. 


Creating Projects Using Multiple PCs 

You can run devices using multiple PCs, allowing you to distribute the 
resource load across multiple computers. Sharing resources lets you use one 
PC to design your projects while running the devices themselves on one or 
more other PCs. This means you can create and manage your GNS3 project 
using a low-end workstation (such as an old laptop) while actually running 
the devices on a high-end server. If you use multiple servers, you could 
build a GNS3 uberlab! 

In this section, I'll show you how to share resources in a basic client/ 
server setup and cover strategies for creating an uberlab. Disable the fire¬ 
walls on all PCs before you begin configuring client/server (or multiserver) 
load sharing, and let’s get started. 
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A Dynamips Client/Server Setup 

In this scenario, you operate GNS3 on one computer, while another GNS3 
server runs on another PC. If you’re running GNS3 on OS X or Windows, 
this may sound familiar because that’s how the IOU virtual machine works. 
The IOU virtual machine runs on a virtual computer rather than on a sepa¬ 
rate PC, but otherwise, the concept is the same. 

Preparing Your Workstations 

In this example, I will use Windows for the client PC and Ubuntu Linux for 
the server PC. Begin by installing GNS3 on the two workstations. One work¬ 
station will be the client, where you configure and manage your projects, 
and the other is the server. The server will run only Dynamips routers, and 
it should have the better hardware because it will do most of the work. The 
more processing power and memory the server has, the better your devices 
will perform. 

Launch GNS3 on each computer and configure an IOS image hie. This 
lets you run both local and remote Dynamips routers at the same time and 
network them together using GNS3 from the client PC. When configuring 
GNS3 on the server PC, be sure to record the path and filename of your IOS 
image hie. On my Ubuntu server, my image hie path is /home/jneumann/ 
GNS3/images/IOS/c3725-adventerprisek9-mz.l24-15.T14.image. You need this 
information to conhgure the remote Dynamips router on the client PC. 

Next, hnd the IP address of each of your GNS3 PCs. In this example, my 
client PC is configured with the IP address 172.16.231.202, and my server PC 
is configured with the IP address 172.16.231.205. After conhguring GNS3 and 
recording the IP and image path information, you should be ready to begin. 

Running gns3server 

You must run the gns3server program from its install directory. Log on to 
the remote server PC and open a terminal window on Linux and OS X 
or a command prompt if you’re running Windows. On Windows, go to 
the C:\Program Files\GNS3 directory, and on OS X go to the /Applications/ 
GNS3.app/Contents,/Resources,/Server/Contents,/MacOS directory. 

When starting the server program, you have to specify the IP address 
of your server PC and the port number that the server will listen on; enter 
the command gns3server --host server-ip --port port-number. If you don’t 
know the IP address of your server PC, you can be lazy and use 0.0.0.0 and 
gns3server will listen on all configured interfaces. In the following example, 
I’ve started the gns3server program on Ubuntu Linux from the / usr/local/ 
bin/ directory. 


$ gns3server —host 172.16.231.205 --port 8000 

2015 - 06-06 18:32:45 INFO main.py:l45 GNS3 server version x.x 

2015-06-06 18:32:45 INFO main.py:l47 Copyright (c) 2007-2015 GNS3 Technologies 

Inc. 

2015-06-06 18:32:45 INFO main.py:l50 Config file /home/jneumann/.config/GNS3/ 
gns3_server.conf loaded 
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2015-06-06 18:32:45 INFO main.py:l63 Running with Python 3.4.2 and has PID 3436 
2015-06-06 18:32:45 INFO main.py:72 Current locale is en_US.UTF-8 
2015-06-06 18:32:45 WARNING project.py:397 Purge old temporary project f3bllfb8 
-82ed-42cl-b66a-226l98ce6l89 

2015-06-06 18:32:45 INFO server.py:2l4 © Starting server on 172.16.231.205:8000 

After starting the server, you should see similar output, and if all goes 
well, the server will start on 172.16.231.205:8000 O, shown on the last line 
of the output. This indicates the server program is listening on IP address 
172.16.231.205 using port number 8000. 

If you want the GNS3 server to listen on some other port number, say 8001, you can 
enter gns 3 server --host 172. 16 .231.205 --port 8001 instead. To see a complete list 
of server options, enter gns 3 server —help from the command line. 

Configuring the Client 

That’s all there is to configuring the server, so you can turn your atten¬ 
tion to the GNS3 client, a Windows PC in this example. In GNS3, select 
Edit ► Preferences and select GNS3 Server, as shown in Figure 10-11. 



Figure 10-11: Setting the host binding to the IP address of the Ethernet adapter 
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Click the Host binding drop-down menu and select the IP address of 
your Ethernet interface. On this PC, the address is 172.16.231.202. Click 
Apply to complete the configuration. 

Next, add the remote GNS3 server’s IP address to the remote server list 
on the client. Click the Remote Servers tab, as shown in Figure 10-12. 


e 


Preferences 


General |GNS3 server preferences 

GNS3 server 
Packet capture 
VPCS 

* Dynamips 

IOS routers 
' IOS on UNIX 
IOU devices 

* VirtualBox 

VirtualBox VMs 
■* QEMU 
QEMU VMs 


Host: 

172- 16.231.2C5 
Port: 

8C01TCP 

Add Delete 


Restore defaJts 

OK | Cared Apply 


Local server Remote servers 

Host Port 

172-16.231.204 8000 
172.16.231.205 8000 


Figure 10-12: Configuring the remote server IP on the client host 

In the Host Held, enter the IP address of the remote GNS3 server. In 
this example, that IP address is 172.16.231.205. The default port number 
should be 8000, but you can change it if you’ve chosen some other port 
number on the remote PC. After adding the remote server, click Apply to 
save the settings. 

Next, select Dynamips from the side menu and click the General settings 
tab, as shown in Figure 10-13. 

Uncheck the Use the local server setting and click Apply. This ensures 
that you have the option to select a remote server when you configure a 
Dynamips router. Next, click IOS routers, as shown in Figure 10-14. 
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Preferences 


e 


General 

[ Dynamips preferences 

Server 


_ . 

G«ner« rettngs Adrsncrt Kttng* j 

racket capture 


VPCS 

□ use r* be * server 

- Dynamips 

Path toDynamps: 

IOS routers 


- IOS on UNIX 


IOU devices 


' VirtualBox 


VirtualBox VMs 


- QEMU 


QEMU VMs 



Restore defaib 


OK Caned A«0> 


Figure 10-13: Dynamips server settings 


e 


Preferences 


General 
GNS3 server 
Packet capture 
VPCS 

* Dynamips 

IOS routers 
'IOS on UNIX 
IOU devices 

* VirtualBox 

Virtual Box VMs 
-QEMU 
QEMU VMs 


1 IOS routers preferences 


^ c3725 
& C7200 


a General 

Name c3725 

Server: local 

Platform: c3725 

image c3?25 - adventefpnseW*mi.124*1S.I14.image 

Idle-PC: 0x60e086a8 

Startup-config: configt\ios_bas«_startup-conf>g.M 

Prr/ate-config: configs' ios_ba5e_pnv*te-config.trt 

a Memories and dnlu 

RAM: 128 MiB 

NVRAM: 256 KiB 

I/O memory: 5% 

PCMCIA diikO: 1 MiB 

PCMCIA diski: OMIB 

a Adapter* 

SiotO: GT96100-FE 


Figure 10-14: Configuring a remote Dynamips router 
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Click New to add a remote IOS router to your client PC, as shown in 
Figure 10-15. 

6 New IOS router 

Server 

Please choose a server type to run your new IOS router. 

Server type 
(•) Remote O Local 

Remote servers 

[~1 Load balance across all available remote servers 
Run on server: 172.16.231.205:8000 



< Back Next > I Cancel 

Figure 10-15: Selecting the Remote server type 

Under Server type, select Remote and uncheck Load balance across all 
available remote servers. Click the Run on Server drop-down menu, select 
your remote server’s IP address from the list, and click Next to continue. 
Enter the path and IOS image name that you recorded from the remote 
server, as shown in Figure 10-16. 

@ New IOS router 

IOS image 

Please choose an IOS image. 

IOS image: [jmann /GNS3/images/IOS/c3725-adventerprisek9-mz. 124-15.T14.image Browse... 


< Back | Next > | Cancel 

Figure 10-16: Entering the remote IOS image path 
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After entering the path and filename, click Next to continue. Enter a 
name in the Name held for your router, as shown in Figure 10-17. 


^ New IOS router - c3725-adventerprisek9-mz.124-15.T14.image 

Name and platform 

Please choose a descriptive name for this new IOS router and verify the platform | 
and chassis. 


Name: c3725_on_Ubuntu| 

Platform: c3725 
Chassis: 

H This is an EtherSwitch router 


< Back | Next > | Cancel 


Figure 10-17: Naming your router 


I’ve named my router c3725_on_Ubuntu so that I can easily identify the 
router in the Devices toolbar, and I know from the name that it’s config¬ 
ured to run on a remote server. 

At this point, you can click through the remaining options as if you’re 
configuring a local Dynamips router. Be sure to enter an Idle-PC value 
when asked, or calculate one if you haven’t already done so. Remember, 
Idle-PC values are calculated on a per-image basis, so the same value can 
be used on any PC that’s using the same IOS image Hie. 

When you’re finished adding the router, it should 
be displayed in the Routers section of the Devices tool¬ 
bar, as shown in Figure 10-18. 

This example has two c3725 routers; one is a local 
router installed on the Windows PC, and the other 
is installed on the remote Ubuntu server. When you 
create a project, you can use both routers in the same 
project, reducing the CPU and memory consumption 
on the client PC by half. 

Now that you know how to set up GNS3 using 
multiple PCs, you can leverage the ability to create 
large GNS3 projects. 


Routers O 

^ C3725 

c3725_on_Ubuntu 
|j^| c7200 


Figure 10-18: Routers 
section of the Devices 
toolbar 
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RUNNING QEMU ON A REMOTE SERVER 

In addition to running IOU and IOS routers on a remote server, you can also 
run QEMU on a remote server. Just be sure to install QEMU on the server PC 
before you begin. The process of setting up a remote QEMU device on the 
client PC is almost the same as any other remote device. However, during the 
New QEMU VM wizard, you will need to select the QEMU binary file for the 
virtual machine, shown in Figure 10-19. 



Figure 10-19: Configuring the QEMU binary 

GNS3 should query the remote server for a list of installed QEMU binary 
files, and the virtual machine that you create should run on the remote server 
using the binary file that you select. Use the drop-down menu to select a binary 
file for your virtual machine, usually qemu-system-i386 or qemu-system-x86_64. 
Adjust the RAM size and click Next. Configure the remaining options as if the 
virtual machine were a local device. 


Creating a GNS3 Uberlab 

GNS3 is all about scalability, and you can use it to create really large proj¬ 
ects with dozens of switches and routers. One of the best ways to create an 
uberlab is to use multiple GNS3 servers. But what if you have one really fast 
computer and a few others that don’t perform as well? In that case, you may 
want to run more devices on one machine than the other. For example, 
you might run most of your routers on the high-end server and run fewer 
devices on the less powerful machines. 
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An uberlab doesn’t need to be confined to computers running on 
your local area network. If you’re using GNS3 on a corporate network with 
multiple sites connected by a VPN, you can use the client/server model to 
run a variety of hypervisors from across town or even across the country! 

All you have to do is start the gns3server application on a remote computer 
(over the VPN) and configure your local client using the IP address of the 
remote PC. The only difference between this and a regular client/server 
setup is that packets will be sent through the VPN to the remote server. 


Nerdy Labs for Fun and Profit 

You’ve explored the tools you need to configure all sorts of projects in 
GNS3, but what should you do with this newfound knowledge? You could 
study for certifications or just have some fun! In this section, I discuss both. 
Many of these projects are intended for advanced users, but feel free to 
modify them to create projects and challenges that are better suited for 
your skill level. 

Preparing for Cisco Exams 

GNS3 is an amazing tool for education and certification, and it has every¬ 
thing you need to get Juniper or Cisco certified, starting at the entry-level 
JNCIA or CCNA all the way up to the crown jewel of Cisco certifications, 
the CCIE. 

For entry-level exams such as CCNA or CCNP, start by searching online 
to find all sorts of network examples. You may even want to use the CBT 
Nuggets or Bryant Advantage videos with GNS3. Their videos are a good 
way to get started, and GNS3 is a great tool for experimenting with the 
concepts they introduce. If you’re studying for CCIE, you may want to use 
something like the INE workbooks (http://www.ine.com/). They’ve proven 
themselves as leaders in CCIE lab preparation. 

Securing Your Networks 

These days, just about everyone stores confidential information on some 
sort of network server, so having a secure network infrastructure isn’t just 
a good idea, it’s a way of preventing substantial financial losses, unwanted 
lawsuits, and entanglements with your firm’s errors and omissions (E&O) 
insurance carrier. 

In this section, I outline a few security-related challenges that can be 
fun and educational, and prevent data theft or loss. 

The "Hack My Rack" Challenge 

Host a security competition with your friends! Each challenger creates a 
GNS3 project on their PC and applies as much security as they can to their 
devices. The challenge is for each user to crack the other users’ security. 
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After each user creates their own network on their PC, they’re allowed to 
install one VirtualBox virtual machine on their friend’s PC with any system¬ 
cracking tools they want to use. When the challengers are done creating 
their networks, they swap computers and start the clock. Now the Battle Royale 
begins! Use your VirtualBox virtual machine to crack into another chal¬ 
lenger’s GNS3 network. 

Creating Cisco VPNs 

Create a Cisco site-to-site VPN or multisite VPN using Cisco routers and 
ASA devices. Try your hand at configuring a multihomed Cisco router with 
VPN failover. In this scenario, your WAN edge routers might have two or 
more interfaces configured with BGP to simulate WAN links to an Internet 
service provider. Someday you may want one of your own, or a client might 
need one. Learning how to do it in GNS3 is better than figuring it out on 
your client’s time! 

Practicing Real-World Scenarios 

The following project ideas are designed to get you thinking about life out¬ 
side of the GNS3 sandbox. As a network administrator or engineer, you’ll 
need to understand the interworkings of multihomed networks, switch 
block design, and multiserver integration, just to name a few. Designing, 
running, and troubleshooting these types of networks in GNS3 is great 
preparation for the real world. 

Cisco Switch Block Design 

Understanding switching is an important part of managing networks. 
Although the GNS3 EtherSwitch router and IOU have restricted functional¬ 
ity, they’re useful for configuring and testing redundant switch blocks with 
protocols such as HSRP, VRRP, and GLBP. Try your hand at creating a fully 
redundant Cisco campus model switch block with Internet access. 

Multihomed Networks 

Although many small businesses connect to the Internet using a single static 
IP address, larger companies need more static IPs and BGP links to main¬ 
tain their presence on the Internet. Using a few GNS3 routers and BGP, you 
can simulate a multihomed network connected to multiple Internet service 
providers. Add additional routers to your bogus ISP to simulate sites such 
as http://www.google.com/ or http://www.gns3.com/. Then ping the bogus sites 
from your multihomed network. 

Multiple Vendor Integration 

Create a project using Cisco, Juniper, Arista, Linux, or any other routable 
device you can think of. Configure the devices using open standards such 
as RIP, OSPF, BGP, or other open standards that are supported by all the 
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vendors or use route redistribution to translate routes from one vendor 
device to another. The idea is to learn as much as you can about multi¬ 
vendor integration. 

Use Everything, Including the "Kitchen Sink" 

This project involves everything ! It’s simple: build the biggest, most badass 
project you can imagine. Use as many remote PCs as you can and run every¬ 
thing GNS3 has to offer: Cisco routers, switches, ASAs, IDSs/IPSs, Juniper, 
Firefly, Vyatta, Arista, and anything else you can think of. Apply every rout¬ 
ing and switching protocol, and test end-to-end connectivity using ping or 
traceroute. Be sure to set up at least one ATM switch, a Frame Relay cloud, 
and a VPN or two. 

How Many Routers Does It Take to Blow Out a Lightbulb? 

Here’s a fun way to earn bragging rights. Challenge a friend to see whose 
PC can run the most routers in GNS3. With the right Idle-PC value, you 
may find that you can run more than 100 before Dynamips crashes or 
GNS3 starts to slow down too much to use. One trick is to run GNS3 on 
Linux because Dynamips seems to scale better on Linux than it does on 
Windows or OS X. 

Routers Gone Rogue 

This “fly in the ointment” challenge is another way to have fun with a 
friend. Each challenger builds a complex network using as many routers 
as they want. The more the better! The networks are then configured and 
thoroughly tested. Once both challengers are happy that their networks are 
running properly, they swap computers and break each other’s networks by 
changing a few configuration settings (dropping a fly in the ointment). 

A break could be as simple as shutting down an interface or as complex 
as filtering BGP routes. It all depends on the skills of the individuals and 
the complexity of their networks. Once the networks are broken, the com¬ 
petitors swap computers again, and each tries to be the first to analyze and 
repair their original network. 


Final Thoughts 

A virtual Cisco access server takes some work to set up, but once configured, 
it’s an easy way to manage your devices. If you have a small project that uses 
only a few routers, then it may not be necessary. But if you have to manage a 
few dozen devices, it quickly becomes an invaluable tool. 

GNS3 runs on multiple PC operating systems, but you’re not stuck 
with the one you’re currently using. Moving projects between systems is 
fairly straightforward, so don't be afraid to try something new. GNS3 was 
designed using Linux and ported to Windows and OS X, so it runs great on 
Linux and generally uses fewer resources than it does running on Windows. 
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If you don’t have the newest PC hardware, you can load-balance hyper¬ 
visors across multiple PCs and create large projects that run better than 
they will on a single PC. This is also a great way to repurpose those old PCs 
you have lying around your home or office. 

But the most important thing to remember about GNS3 is that it’s fun 
to use because you get to create networks that otherwise may be out of your 
reach. So be creative, and have fun! 
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help! i’ve fallen 

AND I CAN’T GET UP 


GNS3 is a complex program, and like any¬ 
thing complex, it will occasionally behave 
in unexpected ways. I’ve already included 
troubleshooting tips throughout the book, 
so in this appendix I won’t provide a lot of break-fix 
information. Instead, I will provide you with basic 
strategies for solving problems, and I’ll cover a few 
common problems and possible solutions. 

Identifying the Problem 

GNS3 problems broadly fall into two categories. 

Sudden Problems Problems that occur with a previously working 
project. 

Feature Problems Problems that occur when implementing a new 
feature. 



Sudden problems appear out of nowhere. Your project may have been 
running fine for weeks, and then all of a sudden it won’t open, or when it 
does open, devices refuse to start. Feature problems typically occur when 
creating a new project or implementing a new feature in an existing project. 
Both problem types can be frustrating, and if you use GNS3 for any length 
of time, you’re likely to encounter at least one of them. 


Sudden Problems 

When a project has been running well and suddenly develops a problem, 
it usually indicates that something has changed. Something could have 
changed on your PC, within GNS3, or in the project itself. For GNS3’s part, 
it could be that you inadvertently changed a setting or made changes to a 
helper application such as Dynamips, QEMU, or VirtualBox. It could also 
mean that you upgraded to a problematic version of GNS3. Whenever a new 
version of GNS3 is released, it’s always a good idea to test it using a spare PC 
or virtual machine before you upgrade your production environment. This 
section provides tips to help correct a few sudden problems. 

Stopping Dynamips Crashes 

An unstable Dynamips program can result in lost connections to devices. 

In this case, you may see a GNS3 console error message indicating that 
Dynamips has stopped running, as shown in Figure A-l. 

Console * 

GNS3 management console. Running GNS3 on Linux (64-bit). 

Copyright (c) 2006-2014 GNS3 Technologies. 

=> Server notification: node SW1: Dynamips has stopped running 

Figure A-l: Communication failure with Dynamips 

This message may indicate that you’re running software in your PC that 
conflicts with Dynamips, that you have an unstable Dynamips build, or that 
you don’t have enough free PC resources, such as memory or CPU cycles. 
Try closing any nonessential applications, rebooting your PC, disabling 
all antivirus/antispam software, and disabling your firewall. If Dynamips 
continues to crash, you may have to re-install or restore Dynamips or GNS3 
from a backup. 

When I0S Images Fail to Load 

Router memory is a common problem that can cause Dynamips routers to 
misbehave. When a router refuses to start, check the Cisco RAM require¬ 
ments for the exact version of the IOS image you’re using—you may have 
assigned it too much memory or not enough. To verify the requirements, 
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visit the Cisco Feature Navigator website; browse to http://tools.cisco.com/ 
ITDIT/CFN/jsp/index.jsp. From here, you can use the Search by Software 
feature to enter the details of your IOS, and the navigator will provide you 
with the requirements. 

If the RAM setting of an IOS router is set too low, the router may either 
fail to start or crash upon starting, and the GNS3 Console window may dis¬ 
play an error message, like the one shown in Figure A-2. 

Console @ @ 

GNS3 management console. Running GNS3 on Linux (64-bit). 

Copyright (c) 2006-2014 GNS3 Technologies. 

•> Server error [-3200]: unable to start VM Instance 'Ghost'load_elf Jmage: Invalid load address 0xffffffff82000000 

C7200 'Ghost': failed to load Cisco IOS image '/home/jneumann/GNS3/images/lOS/c269l-advipservicesk9-mz.l24-15.T6.image'. 

Figure A-2: Failed to load Cisco IOS image error message 

In this case, you should reconfigure the router and assign it more mem¬ 
ory. Right-click the router and select Configure to bring up the GNS3 Node 
Configurator. Choose your router name from the pane on the left and click 
the Memories and disks tab to display the RAM setting. 

If you increase the memory and the router still refuses to start, you may 
have a corrupted IOS image file and should try a different one. 

When you have a corrupt IOS image file, it may not display any error 
messages in the GNS3 Console window. Instead, the router console may 
be unresponsive or display information that may provide a clue about the 
problem, as in Figure A-3. 


OSS R1 

PC = Qx8G24ed44, Cause = 0x0000000c, Status Reg = 0x34400002 

*** TLB (St 

re) Exception *** 

PC = 0x8024ed44, Cause = 0x0000000c, Status Reg = 8x34408002 


TLB (Store) Exception *** 

PC = 0x8024ed44, 


400002 


•* 

Cause = 0x0000000c, Status Reg = 8x3 


*** TLB (Store) Exception *** 


PC = 0x8024ed44, Cause = 0x0000000c, Status 


eg = 0x34400002 


*»» TLB (Store) Exception **» 


Status Reg = 0x34400002 


PC = 0x8024ed44, Cause - 0x0000000c 


*** TLB (Store) Exception *** 


PC = 0x8024ed44, Cause = 0 


0000000c, Status Reg = 0x34400002 


*** TLB (Store) Exception * 


Figure A-3: IOS image fails to load 
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The console output shows that IOS is flinging exception errors at an 
alarming rate. This can indicate that the IOS image hie is corrupt or that 
it’s been misconhgured in GNS3. Verify and correct the image settings 
using the Cisco Feature Navigator or replace the image hie if necessary. 

Resolving IOS Memory Errors 

Adding too much memory to a Dynamips router can prevent a router 
from booting properly. For instance, the maximum RAM handled by a 
c7200 with NPE-400 is 512MB. If you add more, say 1024MB, you may see 
an error message in the GNS3 Console window or the following message 
displayed in the router console: 


Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 15 . 2 ( 4 ) 
S2, RELEASE SOFTWARE (fcl) 

Technical Support: http://www.cisco.com/techsupport 
Copyright (c) 1986-2012 by Cisco Systems, Inc. 

Compiled Tue ll-Dec-12 13:32 by prod_rel_team 

!!! WARNING - VM is not running, will be unresponsive (status=l) !!! 


The router console message, !!! WARNING - VM is not running, will be 
unresponsive (status=l) !!!, is a clear indication that this router has crashed 
on startup. In this case, stop the device and check its configuration. The 
issue indicated here is that the device has been assigned too much memory. 
To correct the problem, reduce the amount of memory assigned to the 
device or replace the IOS image Hie with a different version. 

Even when a router appears to run properly, you may encounter errors 
while configuring IOS. Here is an interesting situation where a router boots 
successfully even though it’s low on memory but displays error messages 
while being configured: 


Rl(config-if)#ip nat inside 
% NBAR ERROR: parsing stopped 

% NBAR Error : Activation failed due to insufficient dynamic memory 
% NBAR Error: Stile could not add protocol node 
%NAT: Error activating CNBAR on the interface Vlanl 
Rl(config-if)# 

*Mar 1 00:00:57.127: %LINEPR0T0-5-UPD0WN: Line protocol on Interface NVI0, 
changed state to up 

*Mar 1 00:00:57.251: %SYS-2-MALL0CFAIL: Memory allocation of 10260 bytes 
failed from OX 62915 CD 4 , alignment 0 

Pool: Processor Free: 18968 Cause: Memory fragmentation 
Alternate Pool: None Free: 0 Cause: No Alternate pool 
-Process= "Exec", ipl= 0, pid= 195, -Traceback= OX 6148 BFF 8 0 x 60016604 
0x600lC564 0 X 6001 CBBC Ox636756E4 0 X 62915 CDC OX 628 F 468 C OX 628 F 88 C 4 Ox628F5968 
OX 628 F 87 AO Ox628F5968 0x628F8344 Ox628F5968 OX 628 F 5 B 2 C OX62928FBC 0x62933A20 
Rl(config-if)# 
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*Mar 1 00:00:57.275: %NBAR-2-N0MEM0RY: No memory available for StILE lmalloc, 
-Traceback= OX6148BFF8 Ox62915CF8 OX 628 F 468 C Ox628F88C4 OX628F5968 OX 628 F 87 AO 
Ox628F5968 Ox628F8344 Ox628F5968 OX 628 F 5 B 2 C 0X62928FBC 0x62933A20 0X62920BD0 
0X6293DF70 0X6293E2F0 OX61C77C70 
Rl(config-if)# 


In this example, router R1 was running fine until I attempted to con¬ 
figure network address translation. Because this router is low on memory, 
Cisco IOS immediately displays memory allocation error messages. Assigning 
more memory to the router in GNS3 should correct the problem. 

Resolving NIO Errors 

NIO errors occur most often when you’re attempting to link a GNS3 device 
to a physical Ethernet adapter in your PC using the Cloud node. If you’re hav¬ 
ing trouble linking devices to each other or to a Cloud node or if you receive 
an NIO error message like the one shown in Figure A-4, you may have a per¬ 
missions problem. 

Comole OS 

CNS3 management console. Running CNS3 on Linux (64-bit). 

Copyright (c) 2006-2014 CNS3 Technologies. 

=> Server error [-3200] from 127.0.0.1:8000: R1: unable to create generic ethernet NIO 


Figure A-4: Unable to create generic Ethernet NIO error message 

In this case, you may need to assign yourself elevated privileges. If 
you’re running GNS3 on Windows, launch GNS3 using the administrator 
account: right-click the GNS3 icon, and select Run as Administrator. If 
you’re using OS X, you may need to assign ownership permissions to the 
/dev/tap or /dev/bpf device hies, as in the following example: 


$ sudo chown $(id -un):$(id -gn) /dev/bpf* 
$ sudo chown $(id -un):$(id -gn) /dev/tap* 


These commands will assign the currently logged-in user’s user ID to 
the device hies, allowing your user account to use the hies while running 
GNS3. You will have to set these permissions each time you reboot your Mac 
because OS X resets all device hie permissions at startup. 

For a high degree of security, use the setcap command to elevate the 
capabilities of the dynamips hie. On Ubuntu, you may need to install libcap2 
before entering the setcap command. 


$ sudo apt-get install libcap2 

$ sudo setcap cap_net_raw,cap_net_admin+eip /usr/local/bin/dynamips 
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LINUX SECURITY CONSIDERATIONS 

If you're running Linux, you may need to run Dynamips with elevated permis¬ 
sions. For this, there are two methods to choose from depending on your Linux 
distribution. 

You can use the Linux chown and chmod commands, or you can use the 
setcap command. Both methods should resolve a permissions issue, but the 
chmod/chown method is less secure because it gives the Dynamips application 
the ability to run with full root-level permissions. If malicious code were to get 
into Dynamips, your entire Linux security could be compromised. The Linux 
setcap command allows you to assign root-like capabilities to a file, without 
actually giving the file root-level permissions. This gives Dynamips the permis¬ 
sions it needs, without compromising Linux security by over-subscribing root- 
level permissions. Therefore, it's the preferred method to fix GNS3 NIO errors. 

Unfortunately, setcap is not available across all Linux platforms, but it is 
supported on Ubuntu and most Debian-based systems. 

__ 


If you’re unable to use the setcap command, instead use the chown and 
chmod commands to elevate Dynamips with root-level privileges. 


$ sudo chown root /usr/local/bin/dynamips 
$ sudo chmod 4755 /usr/local/bin/dynamips 


If you’re unable to connect an IOU device to a physical adapter or a 
virtual TAP adapter on Linux, try applying the setcap commands to the 
iouyap application. This works because iouyap is the GNS3 software that 
bridges IOU devices to other GNS3 devices, as well as virtual and physical 
interfaces. Here, you give iouyap the same elevated capabilities that you just 
gave Dynamips: 


$ sudo setcap cap_net_raw,cap_net_admin+eip /usr/local/bin/iouyap 


Another possible NIO problem is the method you choose for con¬ 
necting GNS3 to your physical Ethernet adapter. This is especially true on 
Windows PCs. If you’re using Windows 7, when attempting to connect GNS3 
to the Internet, create a bridge using your physical Ethernet adapter and a 
loopback adapter (described in “Connecting GNS3 Devices to the Internet” 
on page 120). If you’re running Windows 8, you may get better results if 
you connect the Cloud node directly to your physical Ethernet adapter or 
use Internet Connection Sharing. 

Correcting Console Problems 

Console problems could prevent a console from opening, cause it to open 
and immediately close, or cause it to act sluggish or unresponsive when con¬ 
figuring a device. There are a number of reasons why a console connection 
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might misbehave. Most often the problem occurs because of improperly 
configured settings in GNS3, such as QEMU device settings or VirtualBox 
settings, but it could also be a problem with a device image, such as a cor¬ 
rupt IOU or ASA image hie. 

When a console won’t open, first check the GNS3 Console Application 
preference. Open Preferences, select General from the pane on the left, 
click the Console Applications tab, and make sure the terminal type listed 
under Preconfigured terminal commands matches your operating system’s 
terminal program. If not, use the drop-down menu to select your terminal; 
then click Set, Apply, and OK to save the configuration. 

If you find that you are immediately disconnected after you open a 
console, then your firewall may be blocking the network connection from 
the console application to your GNS3 device. If the device is a QEMU 
device, the problem is often related to the QEMU virtual machine itself 
or its configuration. First, verify that you’ve assigned the correct amount 
of memory to the QEMU virtual machine. You can visit the GNS3 Jungle 
forums or a third-party vendor website to verify the requirements for the 
device. If the memory allocation is correct and the problem persists, check 
the QEMU virtual machine device properties. Go to Preferences and select 
QEMU VMs from the pane on the left. Select your QEMU device from the 
list, click Edit, and click the Advanced settings tab. Verify that the options 
under Additional Settings are correct. If they’re not, fix the entry and try 
again. 

Similarly, you can troubleshoot your VirtualBox virtual machines by 
examining the virtual machine’s settings. Go to Preferences and select 
VirtualBox VMs from the pane on the left. Select your VirtualBox device 
from the list, click Edit, and click the General settings tab. Verify the 
Enable Remote Console and Start VM in Headless Mode options are con¬ 
figured correctly for your VirtualBox virtual machine. 

If your console is sluggish when you start a Dynamips router, the router 
may not have been assigned an optimal Idle-PC value. A poorly chosen 
Idle-PC value can be just as devastating on your CPU as having no value 
set at all. To verify or set your Idle-PC value, right-click the router, select 
Configure to open the Node Configurator, and check your Idle-PC value 
on the Advanced tab. If the router has been assigned an Idle-PC value and 
the device is consuming a lot of CPU, then you may need to recalculate the 
value. (See “Setting a Manual Idle-PC Value” on page 26.) 

Your console may also be sluggish if you’ve changed any of the Dynamips 
advanced optimization settings, such as Idlemax or Idlesleep. Idlemax and 
Idlesleep are used in conjunction with the Idle-PC value; Idlemax deter¬ 
mines how often to sleep while executing idle loops in the router code, and 
the Idlesleep value determines how long to sleep. Try resetting them to 
their default values by clicking the Reset button, as shown in Figure A-5. 

The GNS3 development team has determined that the default values 
of Idlemax and Idlesleep are optimal for most users, but you may be able to 
squeeze out a little better CPU performance by altering them as described 
in “Conserving Resources” on page 214. 
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O ^ Node configurator 


^^R°jjt^ 69 ^roup ri configuration 

General Memories and disks Slots Advanced 

System 

System ID: FTXQ945W 0MY_ 

Confreg: 0x2102 

Base MAC: CO01,3d0e.0000 

Optimisations 

Idle-PC: 0x60b6add4 

idlemax: | S00 ' 

Idlesleep: 30 ms ' 

Exec area: | 64 MiB ‘ 

S Enable mmap support 
M Enable sparse memory support 

Reset Apply 11 Cancel | OK 

Figure A-5: Advanced router configuration 

If the sluggish console is an IOU device and you’re using the IOU vir¬ 
tual machine (required for Windows and OS X), try assigning more mem¬ 
ory to the IOU virtual machine in VirtualBox. 

Feature Problems 

Feature problems occur when you try to implement a feature of GNS3 that 
you haven’t used before, and they usually result from some sort of user 
error. GNS3 has a lot of features and options, and projects can get compli¬ 
cated rather quickly, particularly when you run GNS3 using multiple PCs 
or when you add QEMU and VirtualBox virtual machines to your projects. 
Feature problems may also lie within the configuration of your devices. 

Configuration Issues 

If you’re experiencing a network routing problem inside a project, it may 
be that you’ve made a mistake configuring your device’s network operating 
system; after all, GNS3 is a learning tool, and you’re going to make mistakes 
along the way. When configuring features using operating systems such as 
Arista, IOS, and Junos OS, it’s easy to make a mistake that could break your 
network. Check your device configurations and make sure you haven’t 
assigned the wrong subnet mask to an IP address or forgotten to bring up 
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an interface. One way to prevent these sorts of problems is to configure 
your GNS3 project devices just as you would an actual network. Start with 
a few devices, configure and test them, and then keep adding and testing 
devices until you’ve created a fully functional project. 


Using Unsupported IOS Images 

In short, don’t try to use unsupported images. Dynamips supports a limited 
number of Cisco routers (see Appendix B for a complete list). If you see 
an unsupported image error, as shown in Figure A-6, when attempting to 
install an image hie, it’s because the image hie is not supported by GNS3. 


O IOS image 


This IOS image is for the c8S0 platform/chassis and is not 
supported by this application! 




Figure A-6: Unsupported IOS image error 


In Figure A-6,1 tried to use an image hie from a Cisco c850 router plat¬ 
form not supported by GNS3. The only option when you see this error mes¬ 
sage is to discard the hie and replace it with one that is supported by GNS3. 


The Nuclear Option 

If you continue to encounter problems with GNS3 after trying the actions 
discussed so far, you can take the nuclear option as a last resort and clear the 
GNS3 settings hie. Once you nuke the hie, you’ll lose all of your GNS3 set¬ 
tings, and you’ll have to reconfigure GNS3 as though it’s a newly installed 
system. 


NOTE 


None of your saved projects should be affected by clearing the GNS3 settings file, nor 
should VirtualBox or QEMU devices in those projects. 


Before you begin, back up your existing configuration hie. This will 
give you the option of returning to the old settings if you need to do so. Go 
to Preferences and choose the General preference; then, in the new win¬ 
dow select the General tab, as shown in Figure A-7. 

The GNS3 settings hie is displayed under Configuration hie O. To 
back up the hie, click the Export © button. Choose a name and a loca¬ 
tion to save the hie. Note the location of the original hie (in this example, 
it’s /home/jneumann/.config/GNS3/gns3_gui.conf), and once the export is 
complete, close GNS3 and delete or rename this original hie. Now when 
you reopen GNS3, all the preferences will be cleared as though you have 
installed it for the hrst time. If you decide that clearing the hie was a mis¬ 
take, you can use Import © to reinstate the original GNS3 settings hie. 
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Preferences 


General 

Server 

Packet capture 
VPCS 

’ Dynamips 
IOS routers 
*IOS on UNIX 
IOU devices 
* VirtueiBox 
VirtualBox VMs 
■* QEMU 

QEMU VMS 


General prefere nces 


General Console applications Topology view 

Miscellaneous 

Local paths 


My projects: 


/home/jneumann/GNS3/projects 

1 Browse... i 

My binary images: 


/home/jneumann/GNS3/images 

Browse... | 

style 


Classic 

Cj 


O Configuration file 

/home/jneumann/.config/GNS3/gns3_gui.conf 
©Import ©Export 


Restore defaults 


Apply Cancel ( OK 


Figure A-7: Exporting and clearing the CNS3 configuration file 


NOTE 


On rare occasions, the GNS3 settings file can become corrupted. Keep a current 
backup of your GNS3 settings file at all times so you can revert to a working version 
if needed. 


Overburdened Hardware 

When GNS3 is running slow and devices are crashing, it may be a clue that 
you’re overburdening your PC’s processor with too many devices; this will 
certainly slow down console response and can cause Dynamips to crash. If 
that’s the case, consider trimming down your project, upgrading your PC, 
or using multiple PCs with GNS3. A great way to create large projects with¬ 
out overworking your CPU is to load share your hypervisors across multiple 
PCs, as described in “Creating Projects Using Multiple PCs” on page 191. 


Resolving Port Number Conflicts 

At some point, other software on your computer will probably conflict with 
GNS3. This often happens when the software is using a port number that 
GNS3 needs. If the port number used is the same as your GNS3 server appli¬ 
cation, GNS3 will load, but the server should select another port number. 
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When this happens, investigate the problem using the netstat com¬ 
mand, which should be included on both Windows and Unix-based systems 
such as Linux and OS X. 


$ netstat -an|more 


Active 

Internet connections (servers 

and established) 


Proto 

Recv-0 

Send-0 

Local Address 

Foreign Address 

State 

tcp 

0 

0 

127.0.1.1:53 

0.0.0.0:* 

LISTEN 

tcp 

0 

0 

127.0.0.1:631 

o.o.o.o:* 

LISTEN 

tcp 

0 

0 

0.0.0.0:8000 

o.o.o.o:* 

LISTEN 

tcp 

0 

0 

127.0.0.1:39191 

127 . 0 . 0 . 1:80000 

TIMEJJAIT 

tcp6 

0 

0 

::1:631 

:; 

LISTEN 

tcp6 

l 

0 

::l:53974 

::1:631 

CLOSEJtlAIT 

udp 

0 

0 

0.0.0.0:59759 

o.o.o.o:* 


udp 

0 

0 

0.0.0.0:39309 

o.o.o.o:* 


udp 

0 

0 

127.0.1.1:53 

o.o.o.o:* 


udp 

0 

0 

0.0.0.0:68 

o.o.o.o:* 


udp 

0 

0 

0.0.0.0:631 

o.o.o.o:* 


udp 

0 

0 

0.0.0.0:5353 

o.o.o.o:* 


udp6 

0 

0 

:::57463 

:: :* 


udp6 

0 

0 

:::45876 

:: :* 


udp6 

0 

0 

:::5353 

:: :* 



TCP port number 8000 O is the default port number reserved for the 
GNS3 server program, but the netstat output shows that another application 
is using this port. To solve this problem, find the offending application and 
close it or change the default port number used by GNS3. To change the port 
number, go to Preferences ► Servers ► Local Server Port and set the port 
number to something other than 8000, such as 8001. 


Troubleshooting an ASA 

When you install an ASA in GNS3, make sure you select ASA 8.4(2) from 
the Type drop-down menu during the installation wizard. The GNS3 wiz¬ 
ard should then autohll the required fields with the correct information. 

If your ASA is configured correctly but it locks up or runs poorly, the 
ASA may be causing high CPU usage, which in turn causes your PC’s overall 
performance to suffer. You can greatly reduce the CPU usage by adjusting 
the CPU limit percentage for your ASA. Go to Preferences, select your ASA, 
click Edit, and enable CPU throttling. Be careful, though, because limiting 
the ASA CPU usage too much can also cause an ASA to become unrespon¬ 
sive. For the best results, try adjusting the setting until you find a sweet spot 
that reduces CPU usage without negatively impacting performance. 


Help! I've Fallen and I Can't Get Up 213 






Conserving Resources 

On the whole, GNS3 does a good job of handling projects of almost any 
size, provided you have the proper hardware resources, but the larger your 
project becomes, the more likely you are to encounter problems. The best 
way to avoid these problems is to take a minimalist approach when creating 
a project and avoid adding unnecessary complexity to your designs. 

Select Devices Carefully 

In GNS3, always choose devices that use the least amount of RAM and 
CPU consumption. For example, avoid using a c7200 router, which requires 
512MB of RAM, if you can get by using a c3700 router that uses only 128MB. 
When using Dynamips devices, use the same device model for all routers in 
your project; GNS3 can then share resources between them. Using several 
different router models can lead to resource consumption and poor perfor¬ 
mance. You can also use emulated devices, such as the Ethernet switch node 
rather than an EtherSwitch router, to conserve both memory and processor. 

Optimize Idle-PC Values 

To reduce system resource usage, fine-tune your Idle-PC values. Your cur¬ 
rent values may be fine when you’re running a small number of IOS devices, 
but larger projects will benefit from more optimized values. 

To find the best values for you, first put your computer in a mostly 
idle state: restart it and close all programs, including antivirus software. 

If you’re using Windows, close as many applications from the system tray 
as you can. When you’re ready, add a router to your workspace, start it, 
right-click the router, and choose Idle-PC to begin calculating Idle-PC val¬ 
ues. During the process, carefully monitor your CPU after applying each 
new value, and record all the values. Look for the one that uses the least 
resources, and when you find it, apply it to the device. 


Backing Up Your Projects 

Backing up your GNS3 projects is important, especially as they grow more 
complex and take more time to create. No one likes to lose the work they’ve 
spent hours creating! You can either back up the entire GNS3 folder, back 
up your projects folder, or back up individual project folders. 

Regularly backing up the entire GNS3 folder is the best way to ensure 
you always have a current copy of all projects and images, but it can be 
time-consuming and may require a fair amount of disk space. 

If you’re short on time or resources, at least back up individual projects 
from the projects folder. Make sure you still have a backup copy of your 
entire GNS3 folder and then update the full GNS3 backup by copying indi¬ 
vidual projects to the backup as needed. The disadvantage to this approach 
is that it relies on you remembering to copy new or updated projects every 
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time you update your backup, and you may forget to back up an important 
project. I know from experience that discovering you’ve just lost all the work 
that you put into a complex project can be a sobering revelation. 

I suggest a complete backup strategy, as well as backing up individual 
projects as you create them. You could create large projects in phases and 
test each component along the way and, once you have a group of com¬ 
ponents working properly, back up the project. Then, repeat this proce¬ 
dure until the project is fully configured and your network is functional. 
Employing GNS3 snapshots while creating complex projects can also be 
helpful: if you make a mistake, just revert to a working state by restoring a 
snapshot (refer to “Using the GNS3 Toolbar” on page 34). But no matter 
which backup strategy you choose, the simplest way to store your backup 
project files is by copying the entire project folder to a large thumb drive or 
external hard disk. 


Welcome to the Jungle 

When a problem is too great for you to figure out on your own, don’t be 
afraid to ask for help. The GNS3 website ( http://www.gns3.com/ ) provides 
a plethora of information and houses a dedicated forum, called the GNS3 
Jungle. Here you can report problems, ask questions, and help other users 
with their questions. To access the GNS3 Jungle, go to the GNS3 site and 
select Community. 

Before posting a question, search the site to see whether your question 
has already been asked and answered. The GNS3 Jungle has an extremely 
active member base, so questions generally receive quick responses. If 
you do post a question and it doesn’t receive an answer as quickly as you’d 
like, please don’t repost it or reply to your own post to bump it up the list. 
Posting the same question multiple times will only confuse the people 
trying to help. Usually when a question goes unanswered, it’s because no 
one currently viewing the forum has the answer. Be patient, and someone 
should respond in due time. 

When asking a question, I recommend providing the following 
information: 

• GNS3 version 

• Name and version of your operating system 

• Platform specifics (32-bit or 64-bit, processor, and RAM) 

• A clear description of the problem 

• A screenshot of error messages (if applicable) 

• A screenshot of preference settings (if applicable) 

• Topology (if applicable) 

• Device configurations (if applicable) 

Detailed information helps your fellow GNS3 users determine your 
problem and return a solution more quickly. 
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Final Thoughts 

Although GNS3 generally runs well, problems do crop up from time to 
time. In this appendix, you looked at some common problems and basic 
troubleshooting strategies for correcting those problems. 

You learned that firewalls, antivirus software, and occasionally a 
TCP/IP-based application can wreak havoc on GNS3. When in doubt, dis¬ 
able your firewall, disable your antivirus software, and close any unneces¬ 
sary programs before launching GNS3. 

You also learned that often the fastest way to fix a broken project is to 
restore the project from a backup. You should always keep a current backup 
copy of the entire GNS3 folder and your GNS3 settings hie. Restoring data 
from a backup is the surest way to get up and running after a disaster. 
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B 

CISCO HARDWARE 
COMPATIBLE WITH GNS3 


This appendix lists the Cisco hardware 
that’s supported by Dynamips and GNS3. 
Dynamips only emulates Cisco routers that 
use MIPS architecture and does not support 
all Cisco models. After the list of supported routers, 
you’ll find a list of recommended IOS image hies that 
GNS3 can automatically apply the correct Idle-PC val¬ 
ues to, without performing an Idle-PC calculation. 

Supported Cisco Hardware 

In GNS3, you can emulate Cisco routers from five different series (1700, 
2600, 3600, 3700, and 7200), with varying degrees of feature support. 



Table B-l: 1700 Series Routers 


Model 

Slots 

WIC 

Card Support 

1720, 1721, 
1750, and 
1751 

One (none available) 
CISCO1710-MB-1FE-1E in 
Slot 1 provides one Fast 
Ethernet: F0 

None 

None 

1760 

One (none available) 
C1700-MB-1ETH in Slot 1 
provides one Fast Ethernet 
port: F0 

Two 

WIC-1T (1 serial port) 

WIC-2T (2 serial ports) 

WIC-1ENET (1 Ethernet port) 

Table B-2: 2600 Series Routers 

Model 

NM Slots 

WIC 

Card Support 

2610 

One (one available) 
CISC02600-MB-1E 
in Slot 1 provides one 
Ethernet port: F0/0 

Two 

NM-1FE-TX(1 Fast Ethernet port) 
NM-1E (1 Ethernet port) 

NM-4E (4 Ethernet ports) 
NM-16ESW (16 port switch) 
WIC-1T (1 serial port) 

WIC-2T (2 serial ports) 

2611 

Two (one available) 
CISC02600-MB-2E 
in Slot 1 provides two 
Ethernet ports: F0/0 and 
F0/1 

Two 

NM-1 FE-TX (1 Fast Ethernet port) 
NM-1 E (1 Ethernet port) 

NM-4E (4 Ethernet ports) 
NM-16ESW (16 port switch) 
WIC-1T (1 serial port) 

WIC-2T (2 serial ports) 

2620 

Two (one available) 
CISC02600-MB-1FE in 

Slot 1 provides one Fast 
Ethernet port: F0/0 

Two 

NM-1 FE-TX (1 Fast Ethernet port) 
NM-1 E (1 Ethernet port) 

NM-4E (4 Ethernet ports) 
NM-16ESW (16 port switch) 
WIC-1T (1 serial port) 

WIC-2T (2 serial ports) 

2621 

Two (one available) 
CISC02600-MB-2FE in 

Slot 1 provides two Fast 
Ethernet ports: F0/0 and 
F0/1 

Two 

NM-1 FE-TX (1 Fast Ethernet port) 
NM-1 E (1 Ethernet port) 

NM-4E (4 Ethernet ports) 
NM-16ESW (16 port switch) 
WIC-1T (1 serial port) 

WIC-2T (2 serial ports) 

261OXM 

Two (one available) 
CISC02600-MB-1 FE in 

Slot 1 provides one Fast 
Ethernet port: F0/0 

Two 

NM-1 FE-TX (1 Fast Ethernet port) 
NM-1 E (1 Ethernet port) 

NM-4E (4 Ethernet ports) 
NM-16ESW (16 port switch) 
WIC-1T (1 serial port) 

WIC-2T (2 serial ports) 

2611XM 

Two (one available) 
CISC02600-MB-2FE in 

Slot 1 provides two Fast 
Ethernet ports: F0/0 and 
F0/1 

Two 

NM-1 FE-TX (1 Fast Ethernet port) 
NM-1 E (1 Ethernet port) 

NM-4E (4 Ethernet ports) 
NM-16ESW (16 port switch) 
WIC-1T (1 serial port) 

WIC-2T (2 serial ports) 
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Model 

NM Slots 

WIC 

Card Support 

2620XM 

Two (one available) 
CISC02600-MB-1FE in 

Slot 1 provides one Fast 
Ethernet port: F0/0 

Two 

NM-1FE-TX (1 Fast Ethernet port) 
NM-1E (1 Ethernet port) 

NM-4E (4 Ethernet ports) 
NM-16ESW (16 port switch) 
WIC-1T (1 serial port) 

WIC-2T (2 serial ports) 

2621XM 

Two (one available) 
CISC02600-MB-2FE in 

Slot 1 provides two Fast 
Ethernet ports: F0/0 and 
F0/1 

Two 

NM-1FE-TX (1 Fast Ethernet port) 
NM-1E (1 Ethernet port) 

NM-4E (4 Ethernet ports) 
NM-16ESW (16 port switch) 
WIC-1T (1 serial port) 

WIC-2T (2 serial ports) 

2650XM 

Two (one available) 
CISC02600-MB-1 FE in 

Slot 1 provides one Fast 
Ethernet port: F0/0 

Two 

NM-1FE-TX (1 Fast Ethernet port) 
NM-1E (1 Ethernet port) 

NM-4E (4 Ethernet ports) 
NM-16ESW (16 port switch) 
WIC-1T (1 serial port) 

WIC-2T (2 serial ports) 

2651XM 

Two (one available) 
GT96100-FE in Slot 1 
provides one Fast Ethernet 
port: F0/0 

Three 

NM-1FE-TX (1 Fast Ethernet port) 
NM-1E (1 Ethernet port) 

NM-4E (4 Ethernet ports) 
NM-16ESW (16 port switch) 
WIC-1T (1 serial port) 

WIC-2T (2 serial ports) 

2691 

Two (one available) 
CISC02600-MB-2FE in 

Slot 1 provides two Fast 
Ethernet ports: F0/0 and 
F0/1 

Two 

NM-1FE-TX (1 Fast Ethernet port) 
NM-1E (1 Ethernet port) 

NM-4E (4 Ethernet ports) 
NM-16ESW (16 port switch) 
WIC-1T (1 serial port) 

WIC-2T (2 serial ports) 

Table B-3: 3600 Series Routers 

Model 

NM Slots 

WIC 

Card Support 

3620 

Two (one available) 
CISC02600-MB-2FE in 

Slot 1 provides two Fast 
Ethernet ports: F0/0 and 
F0/1 

None 

NM-1FE-TX (1 Fast Ethernet port) 
NM-1E (1 Ethernet port) 

NM-4E (4 Ethernet ports) 
NM-16ESW (16 port switch) 
NM-4T (4 serial ports) 

3640 

Four 

None 

NM-1FE-TX (1 Fast Ethernet port) 
NM-1E (1 Ethernet port) 

NM-4E (4 Ethernet ports) 
NM-16ESW (16 port switch) 
NM-4T (4 serial ports) 

3640 

Four 

None 

NM-1FE-TX (1 Fast Ethernet port) 
NM-1E (1 Ethernet port) 

NM-4E (4 Ethernet ports) 
NM-16ESW (16 port switch) 
NM-4T (4 serial ports) 
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Table B-4: 3700 Series Routers 


Model 

NM Slots 

WIC Card Support 

3725 

Three (two available) 
GT96100-FE in Slot 1 
provides one Fast Ethernet 
port: F0/0 

Three NM-1FE-TX(1 Fast Ethernet port) 

NM-4T (4 serial ports) 

NM-16ESW (16 port switch) 
WIC-1T (1 serial port) 

WIC-2T (2 serial ports) 

3745 

Three (two available) 
GT96100-FE in Slot 1 
provides one Fast Ethernet 
port: F0/0 

Three NM-1FE-TX(1 Fast Ethernet port) 

NM-4T (4 serial ports) 

NM-16ESW (16 port switch) 
WIC-1T (1 serial port) 

WIC-2T (2 serial ports) 

Table B-5: 7200 Series Routers 

Model 

Slots Chassis NPE 

Card Support 

7206 

Six STD NPE-100 

VXR NPE-150 

N PE-175 
NPE-200 
NPE-225 
NPE-300 
NPE-400 
NPE-G2 

C7200-IO-FE (1 Fast Ethernet port) 
C7200-IO-2FE (2 Fast Ethernet ports) 
C7200-IO-GE-E (1 Gigabit Ethernet port) 
PA-FE-TX (1 Fast Ethernet port) 

PA-2FE-TX (2 Fast Ethernet ports) 

PA-4E (4 Ethernet ports) 

PA-8E (8 Ethernet ports) 

PA-4T+ (4 serial ports) 

PA-8T (8 serial ports) 

PA-A1 (1 ATM port) 

PA-POS-OC3 (1 POS port) 

PA-GE (1 Gigabit Ethernet port) 


IOS Compatibility 

The following routers are no longer getting IOS updates from Cisco. The 
IOS filenames listed here are the recommended versions for GNS3, though 
older versions should work fine. 


Table B-6: cl 700 Series Routers 


Version 

Filename 

MD5 Checksum 

Minimum RAM 

12.4.25d 

cl 700-ad venterprisek9 

3ed8d56a8757771105 

128MB 

Mainline 

-mz.l24-25d.bin 

a56070e4147716 


12.4.15T14 

cl 700-ad venterprisek9 

351190de8764263e85 

160MB 

Technology 

Train 

-mz.l24-15.T14.bin 

a2b50718f394fd 
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Table B-7: c2600 Series Routers 


Version 

Filename 

MD5 Checksum 

Minimum RAM 

12.4.25d 

Mainline 

c2600-adventerprisek9 

-mz.124-25d.bin 

8ecalf6fe57dfb3c3 

cf3568c0e475853 

128MB 

12.4.15T14 
Technology 
Train 

c2600-adventerprisek9 

-mz.l24-15.T14.bin 

12b8548b23e2ec593 
652ae9310ac797f 

256MB 

Table B-8: c269 

1 Series Routers 



Version 

Filename 

MD5 Checksum 

Minimum RAM 

12.4.25d 

Mainline 

c2691-adventerprisek9 

-mz.l24-25d.bin 

a8elf5821d874565 

95488d6221ce42e5 

192MB 

12.4.15T14 
Technology 
Train 

c2691-adventerprisek9 

-mz.l24-15.T14.bin 

91388104d7276ad 

09204e36d2dfcf52d 

256MB 

Table B-9: c3620 Series Routers 

Version 

Filename 

MD5 Checksum 

Minimum RAM 

12.2.26c 

c3620-a3jk8s-mz,122 

-26c.bin 

dd34b958ad362ef54 

ba48bl87f4c97b4 

64MB 

Table B-10: c3640 Series Routers 

Version 

Filename 

MD5 Checksum 

Minimum RAM 

12.4.25d 

Mainline 

c3640-a3js-mz,124-25d 

.bin 

db9f63cal b46d 18f 
b835496bfffe608a 

128MB 

Table B-ll: c3660 Series Routers 

Version 

Filename 

MD5 Checksum 

Minimum RAM 

12.4.25d 

Mainline 

c3660-a3jk9s-mz,124 

-25d.bin 

4ac7e947fl 3cl 89d 
746149dc74992890 

192MB 

12.4.15T14 
Technology 
Train 

c3660-a3jk9s-mz 

.124-15.T14.bin 

39950b7a563aa08 

e94al68260409fle6 

256MB 

Table B-12: c3725 Series Routers 

Version 

Filename 

MD5 Checksum 

Minimum RAM 

12.4.25d 

Mainline 

c3725-adventerprisek9 

-mz.l24-25d.bin 

ac3d313d3caff5be 

eee244b81d2c024c 

128MB 

12.4.15T14 
Technology 
Train 

c3725-adventerprisek9 

-mz.l24-15.T14.bin 

42baf 17afl 0d9a 147 
Ibf542f0bfd07c7 

256MB 
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Table B-13: c3745 Series Routers 


Version 

Filename 

MD5 Checksum 

Minimum RAM 

12.4.25d 

c3745-adventerprisek9 

563797308a3036337 

256MB 

Mainline 

-mz.124-25d.bin 

c3dee9b4ab54649 


12.4.15T14 

c3745-adventerprisek9 

a696619869a972ec3a 

256MB 

Technology 

Train 

-mz.l24-15.T14.bin 

27742d38031b6a 



The Cisco c7200 series router continues to receive IOS updates from 
Cisco and supports version 15.x of IOS. 


Table B-14: c7200 Series Routers 


Version 

Filename 

MD5 Checksum 

Minimum RAM 

12.4.25g 
Mainline 

c7200-a3jk9s-mz,124 

-25g.bin 

3a78cb61831b3ef1 

530f7402f5986556 

256MB 

12.4.24T4 

Technology 

Train 

c7200-adventerprisek9 

-mz.124-24.T5 

3c4148f62acf56602 
ce3b371ebae60c9 

256MB 

IOS 15.2.4 

c7200-adventerprisek9 

-mz.152-4.M7.bin 


512MB 
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NM-16ESW AND IOU L2 
LIMITATIONS 


The GNS3 Dynamips NM-16ESW mod¬ 
ule operates identically to its real Cisco 
counterpart. Like that physical module, 
the Dynamips module does not support all the 
features of a Cisco Catalyst switch, meaning the only 

guaranteed way to get full Catalyst switch functionality is to integrate one 
or more real switches into your GNS3 projects. I list those unsupported 
features in this appendix, as well as features that IOU L2 images may not 
support. 

If you want to use a particular Catalyst switch feature, check these 
lists Hi st to see whether you need to use a physical switch. 



Unsupported NM-16ESW Features 

The NM-16ESW switch module does not support the following features: 

• Access Switch Device Manager (SDM) Template 

• ACL - Improved Merging Algorithm 


• ARP Optimization 

• BGP Increased Support of Numbered as-path Access Lists to 500 

• BGP Restart Neighbor Session After max-prefix Limit Reached 

• BGP Route-Map Continue Support for Outbound Policy 

• Clear Counters Per Port 

• DHCP Snooping 

• DHCP Snooping Counters 

• Diagnostics Options on Bootup 

• ErrDisable Reactivation Per Port 

• ErrDisable Timeout 

• EtherChannel 

• EtherChannel - Flexible PAgP 

• EtherChannel Guard 

• Fallback Bridging 

• Flex Link Bi-directional Fast Convergence 

• Flex Link VLAN Load-Balancing 

• Flex Links Interface Preemption 

• GOLD - Generic Online Diagnostics 

• IEEE 802.lab, Link Layer Discovery Protocol 

• IEEE 802.1s - Multiple Spanning Tree (MST) Standard Compliance 

• IEEE 802.1s VLAN Multiple Spanning Trees 

• IEEE 802.lt 

• IEEE 802.1W Spanning Tree Rapid Reconfiguration 

• IEEE 802.lx Auth Fail Open 

• IEEE 802.lx Auth Fail VLAN 

• IEEE 802.lx VLAN Assignment 

• IEEE 802.lx Wake on LAN Support 

• IEEE 802.lx Authenticator 

• IEEE 802.lx Multi-Domain Authentication 

• IEEE 802.lx with Port Security 

• IEEE 802.lx RADIUS Accounting 

• IEEE 802.3ad Link Aggregation (LACP) 

• IEEE 802.3af Power over Ethernet 

• ICMP Fast Leave 

• ICMP Version 1 

• IGRP 


224 


Appendix C 




• IP Phone Detection Enhancements 

• IP Phone Enhancement - PHY Loop Detection 

• IPSG (IP Source Guard) 

• Jumbo Frames 

• L2PT - Layer 2 Protocol Tunneling 

• MAC Authentication Bypass 

• MLD Snooping 

• Multicast EtherChannel Load Balancing 

• NAC - L2 IEEE 802.1x 

• NAC - L2 IP 

• NAC - L2 IP with Auth Fail Open 

• Packet-Based Storm Control 

• Per Port Per VLAN Policing 

• Port Security 

• Port Security on Private VLAN Ports 

• Private VLANs 

• QoS Policy Propagation via Border Gateway Protocol (QPPB) 

• Rapid-Per-VLAN-Spanning Tree (Rapid-PVST) 

• Reduced MAC Address Usage 

• Remote SPAN (RSPAN) 

• Smart Port 

• Spanning Tree Protocol (STP) - Loop Guard 

• Spanning Tree Protocol (STP) - PortFast BPDU Filtering 

• Spanning Tree Protocol (STP) - PortFast Support for Trunks 

• Spanning Tree Protocol (STP) - Root Guard 

• Spanning Tree Protocol (STP) - Uplink Load Balancing 

• SRR (Shaped Round Robin) 

• Standby Supervisor Port Usage 

• STP Syslog Messages 

• Switching Database Manager (SDM) 

• Trunk Failover 

• Trusted Boundary (extended trust for CDP devices) 

• Unicast MAC Filtering 

• UniDirectional Link Detection (UDLD) 

• VLAN Access Control List (VACL) 

• VLAN Aware Port Security 

• Weighted Tail Drop (WTD) 


NM-16ESW and IOU L2 Limitations 




Unsupported Features in Cisco IOU L2 Images 

IOU is said to support roughly 90 percent of the capabilities of an actual 
Cisco Catalyst switch. The following features are probably unsupported by 
IOU L2 images. However, because Cisco is responsible for updating IOU 
images, your mileage may vary. 

• DHCP snooping 

• ISL trunks 

• L3 Etherchannel 

• MLS QoS 

• Port-security 

• Private VLAN 

• QinQ 

• SPAN/RSPAN/ERSPAN 

• UDLD 

• Voice VLANs 
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GLOSSARY 


The following is a glossary of acronyms used through¬ 
out the book. 

APT (Advanced Package Tool) A command-line tool for handling 
packages on Debian-based Linux computers. 

ARP (Address Resolution Protocol) A protocol used to map net¬ 
work layer addresses to link layer addresses. Often used for IP to MAC 
address resolution. 

AS (autonomous system) A group of routers that share network pre¬ 
fixes under the administrative control of a single organization. 

ASA (adaptive security appliance) A Cisco firewall device. 

ASDM (Adaptive Security Device Manager) Cisco software used to 
manage and monitor Cisco security devices. 

ASIC (application-specific integrated circuit) A specialized circuit 
that is often proprietary of a particular vendor. 

ATM (Asynchronous Transfer Mode) A technology designed for the 
transfer of voice, video, and data through public and private networks. 
Largely replaced by MPLS. 



BGP (Border Gateway Protocol) The routing protocol of the Internet. 
BGP uses autonomous systems to exchange route information. 

BSD (Berkeley Software Distribution) A Unix operating system that 
was developed in Berkeley, California. 

CCIE (Cisco Certified Internetwork Expert) The expert level of cer¬ 
tification from Cisco Systems. 

CCNA (Cisco Certified Network Associate) The associate level certi¬ 
fication from Cisco Systems. 

CCNP (Cisco Certified Network Professional) The professional level 
certification from Cisco Systems. 

CCP (Cisco Configuration Professional) Software used to manage 
and monitor Cisco routers. 

CDP (Cisco Discovery Protocol) A Cisco proprietary protocol used 
to collect hardware and configuration information from directly con¬ 
nected Cisco devices on a network. 

CIDR (Classless Inter-Domain Routing) A shorthand method of 
assigning a network mask to an IP address. CIDR uses a slash, followed 
by the number of binary bits for the mask portion of an IP address; for 
example, 192.168.1.1 255.255.255.0 is written as 192.168.1.1 /24 in CIDR 
notation. 

CPU (central processing unit) The circuitry in a computer 
that’s responsible for executing code and controlling input/output 
operations. 

DHCP (Dynamic Host Configuration Protocol) A protocol used for 
dynamically applying IP addresses and other network settings to a host. 
DLCI (data link connection identifier) A link-local virtual circuit 
identifier used to assign frames to a PVC or SVC. 

DNS (Domain Name System) A hierarchy of database servers that 
map Internet hostnames to IP addresses. 

EIGRP (Enhanced Interior Gateway Routing Protocol) A Cisco pro¬ 
prietary advanced distance-vector routing protocol. 

FTP (File Transfer Protocol) A protocol used to transfer files from 
one host to another using TCP/IP. Also the name of the program that 
allows a user to transfer files to and from a remote host. 

GLBP (Gateway Load Balancing Protocol) A Cisco proprietary 
redundant router protocol that supports load-balancing. 

HSRP (Hot Standby Routing Protocol) A Cisco proprietary redun¬ 
dant router protocol that provides automatic router failover at a default 
gateway. 

IDS/IPS (Intrusion Detection System/Intrusion Prevention System) 

A device that monitors network activities for malicious code, usually 
working in conjunction with a firewall. Unwanted activities trigger 
alarms that are reported to a system administrator. 
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I/O (input/output) Used to describe any program, operation, or 
device that transfers data to or from a computer or device. 

IOL (IOS on Linux) Software that runs on Linux and emulates the 
features of a Cisco IOS router or switch. 

IOS (Internetwork Operating System) Cisco’s primary router and 
switch operating system. 

IOU (IOS on Unix) Software that runs on Linux/Unix and emulates 
the features of a Cisco IOS router or switch. 

IP (Internet Protocol) The network layer protocol in the TCP/IP 
stack that provides routing and logical addressing. 

IPv4 (Internet Protocol version 4) The fourth version of the IP. IPv4 
uses a 32-bit address scheme. 

IPv6 (Internet Protocol version 6) The sixth version of the IP. IPv6 
uses a 128-bit address scheme. 

ISL (Inter-Switch Link) A Cisco proprietary VLAN trunking proto¬ 
col, replaced by 802.IQ on modern networks. 

ISP (Internet service provider) A company that provides consumers 
and businesses with access to the Internet. 

ISR (integrated service router) A Cisco router model used in small 
businesses or home offices, usually connected to the Internet using DSL 
or cable modems. ISR hardware is often designed using application- 
specific integrated circuits. 

JNCIA (Juniper Networks Certified Associate) The Juniper entry- 
level associate certification for Junos OS. 

LAN (local area network) A network that connects computers and 
peripherals within a small geographic area, such as a single building or 
a group of buildings. 

LMI (logical management interface) A signaling standard used 
between routers and Frame Relay switches. 

MAC (media access control) A unique identifier that’s written into 
the firmware of a network Ethernet card. MAC addresses are used for 
communication on a physical network segment. 

MPLS (Multiprotocol Label Switching) A packet-forwarding technol¬ 
ogy that uses labels to make data forwarding decisions. Replaces ATM 
and Frame Relay on modern networks. 

MTU (maximum transmission unit) The maximum frame size of a 
protocol data unit. The Ethernet default frame size is 1500 bytes, but 
it can be reduced or increased depending on your Ethernet hardware 
and drivers. 

NAT (network address translation) A method of using a single IP 
address on an edge router or firewall so that devices on the network 
behind the edge device can access networks (like the Internet) beyond 
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the edge using a single IP address. NAT is responsible for rewriting 
datagram headers to keep track of packets between the edge device 
and the inside hosts. 

NIO (Network Input/Output) Used to describe any program, opera¬ 
tion, or device that transfers data to or from a computer or device over 
a network. 

NPE (Network Processing Engine) A Cisco chassis card that provides 
additional functionality to some Cisco router models, such as the c7200. 
NVRAM (non-volatile random access memory) A type of memory 
that retains its contents when power is turned off. 

OS (operating system) Manages a computer’s memory, processes, and 
all of its software and hardware. 

OSPF (Open Shortest Path First) An interior gateway protocol that 
uses a link-state database and a shortest path first (SPF) algorithm to 
calculate the best routes to reach a network. 

OVA (Open Virtual Appliance) A standard hie format used for pack¬ 
aging and distributing virtual appliances that can be run using virtual 
machine software, such as VirtualBox and VMware. 

POS (Packet over SONET) A communications protocol used for 
transmitting Point-to-Point Protocol (PPP) packets over SONET. 

PVC (permanent virtual circuit) A permanent connection that’s 
established between two or more nodes in a Frame Relay or ATM 
network. 

QEMU (Quick Emulator) An open source machine emulator and 
virtualizer. 

RAM (random access memory) A type of memory that does not 
retain its contents when power is turned off. 

RIP (Routing Information Protocol) A distance vector protocol that 
primarily uses hop count as a metric for choosing the best route to 
remote networks. Often referred to as routing by rumor. 

SSH (Secure Shell) Used for securely logging into a remote machine 
and executing commands on a remote machine. 

SONET (Synchronous Optical Network) A protocol used to synchro¬ 
nously transfer data over fiber-optic networks. 

SVC (switched virtual circuit) A dynamic connection that’s estab¬ 
lished between two or more nodes in a Frame Relay or ATM network. 

TAR (Tape Archive) files Creates and manipulates streaming archive 
files. 

TCP (Transmission Control Protocol) The connection-oriented 
transport layer of the TCP/IP stack. TCP is responsible for creating 
reliable end-to-end connections. 

TFTP (Trivial File Transfer Protocol) TFTP allows users to transfer 
files to and from a remote machine using no authentication or error 
correction. 
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UDP (User Datagram Protocol) A connectionless transport layer pro¬ 
tocol that does not use handshaking. UDP exchanges datagrams with¬ 
out acknowledgments. 

VIRL (Virtual Internet Routing Lab) Cisco’s network simulation 
platform that includes virtual machines running Cisco’s core network 
operating systems. 

VLAN (virtual local area network) A mechanism for partitioning a 
layer-2 network into separate broadcast domains. 

VM (virtual machine) A program that emulates specific hardware 
and allows you to install and run operating systems designed for that 
hardware. 

VMDK (virtual machine disk) A virtual hard disk image Hie that is 
often used by virtual machine software, such as VMware, VirtualBox, 
and QEMU. 

VPCS (Virtual PC Simulator) A simple program that simulates the 
basic networking features and commands of a PC. 

VPN (virtual private network) A group of security protocols that 
allow two devices to share encrypted information over a public network 
(like the Internet). 

VPNC (Virtual Private Network Connection) A software client for 
Cisco VPN3000 Concentrator, IOS devices, and PIX devices. 

VRRP (Virtual Router Redundancy Protocol) An open standard 
redundant router protocol that provides automatic router failover at 
a default gateway. 

WAN (wide area networks) A network that covers a wide geographic 
range, often made up of multiple networks connected using one or 
more VPNs. 

WIC (WAN interface card) A Cisco proprietary interface card that 
often provides serial port interfaces to a router. 
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Numbers and Symbols 

? (question mark), in GNS3 console, 191 
7-zip application, 85 
32-bit operating system, IOS-XRv 
virtual machine, 145 
64-bit operating system, IOS-XRv 
virtual machines, 145 
802.IQ trunk, connecting devices with, 
109-112, 114 

2600 series routers, 218-219 

A 

abbreviated command syntax, in 
VPCS, 49 

access ports, changing, 44 
access server. See virtual access server 
adapters. See also specific adapter types 
for IOS-XRv device, 146 
for IOU devices, 159 
for IOU virtual machine, 161-162 
multiple, in PCs, using for device 
connections, 119 

adaptive security appliance firewall. 

See ASA (adaptive security 
appliance) firewall 
Adaptive Security Device Manager 
(ASDM), Cisco, 123-124, 
132-135, 227 

Add a Link icon, Devices toolbar, 37, 

39, 56 

Add a note icon, GNS3 toolbar, 35 
Address Resolution Protocol 
(ARP), 227 
Adobe Flash Player, 125 
Advanced Package Tool (APT), 227 
Advanced settings tab 

Dynamips preferences window, 
22-23 

IOS on UNIX preferences window, 
156-157 

All Devices icon, Devices toolbar, 37 


Always use the local server (Linux only) 
checkbox, IOS on UNIX 
preferences window, 156 
Apache web server, 3 
appliances, importing to VirtualBox, 
51-52 

application-specific integrated circuit 
(ASIC), 227 

APT (Advanced Package Tool), 227 
apt-get utility, 51 
ARP (Address Resolution 
Protocol), 227 
arp command, 50 
AS (autonomous system), 227 
ASA (adaptive security appliance) 
firewall, Cisco 
acquiring image file, 127 
ASDM installation, 132-135 
configuring GNS3 for, 127-131 
defined, 227 
overview, 123-124, 126 
prepping image for GNS3, 127 
testing in GNS3, 131-132 
troubleshooting, 213 
asa-initrd.gz file, 127 
asa-vrnlinuz file, 127 
ASDM (Adaptive Security Device 

Manager), Cisco, 123-124, 
132-135, 227 

ASIC (application-specific integrated 
circuit), 227 

ATM (Asynchronous Transfer Mode) 
defined, 227 

switch, configuring, 102-103 
autonomous system (AS), 227 

B 

backing up 

GNS3 settings file, 211-212 
Juniper Olive, 80-81 
projects, 214-215 
QEMU disk image files, 144 



Berkeley Software Distribution 
(BSD), 228 

BGP (Border Gateway Protocol), 228 
binary applications, QEM1J, 82 
binary file, QEMU virtual machine, 
129, 142-143, 145 
bison package, 155 
booting routers, 27 
Border Gateway Protocol (BGP), 228 
Boson NetSim, 2 
breakout cables, 113 
breakout switches 
creating, 112-117 

optional configuration for, 117-118 
overview, 121 
bridges 

for IOU virtual machine, 161-162 
between loopback and Ethernet 
adapters, 106-107 
preparing PCs for, 106 
Bryant Advantage videos, 199 
BSD (Berkeley Software 

Distribution), 228 
build directory 

for IDS/IPS, 135 
preparing in QEMU, 69 
built-in device nodes, 94 

c 

capturing packets with Wireshark, 
59-62 

Catalyst switches, Cisco, 6, 223 
CBT Nuggets videos, 199 
CCIE (Cisco Certified Internetwork 
Expert) certification, 6, 

199, 228 

CCNA (Cisco Certified Network 

Associate) certification, 32, 
199, 228 

CCNP (Cisco Certified Network 

Professional) certification, 
32, 199, 228 

CCP (Cisco Configuration 

Professional) software 
defined, 228 
installing, 125 
overview, 123, 124 
project configuration, 124-125 
running, 125-126 


CD image files 

Cisco IDS/IPS, 135 
Juniper Olive, 67-69 
CDP (Cisco Discovery Protocol), 

115, 228 

central processing unit (CPU) 
defined, 228 

throttling, for ASAs, 130, 213 
usage, setting Idle-PC value for, 
26-27 

certifications, preparing for, 199. See 
also specific certifications 
Check for minimum RAM 

requirements option, IOS 
memory screen, 25 
checkpic protection for Junos OS, 
removing, 78 
chmod command, 208 
chown command, 208 
CIDR (Classless Inter-Domain 

Routing), 49, 173, 228 
Cisco access server. See virtual access 
server 

Cisco Adaptive Security Appliance 

firewall. See ASA (adaptive 
security appliance) firewall 
Cisco Adaptive Security Device 

Manager (ASDM), 123-124, 
132-135, 227 

Cisco ASDM-IDM Launcher, 134 
Cisco Catalyst switches, 6, 223 
Cisco certification exams, 29, 199 
Cisco Certified Internetwork Expert 
(CCIE) certification, 6, 

199, 228 

Cisco Certified Network Associate 

(CCNA) certification, 32, 
199, 228 

Cisco Certified Network Professional 
(CCNP) certification, 32, 
199, 228 

Cisco Configuration Professional. 

See CCP software 
Cisco console window, 27 
Cisco Discovery Protocol (CDP), 

115, 228 

Cisco Enhanced Interior Gateway 
Routing Protocol. See 
EIGRP 

Cisco Feature Navigator website, 25, 205 
Cisco hardware, supported, 217-220 
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Cisco Intrusion Detection System/ 

Intrusion Prevention System. 
See IDS/IPS (Intrusion 
Prevention System/ 
Intrusion Detection System) 
Cisco IOS (Internetwork Operating 
System), 2, 220-222, 229. 

See also IOS images; IOS 
routers; IOU 

Cisco IOS on Unix. See IOU 
Cisco IOS-XRv. See IOS-XRv 
Cisco IP hostname table, for virtual 
access server, 184-186 
Cisco ISL (Inter-Switch Link), 229 
Cisco Learning Network, 152 
Cisco NM-16ESW switch module, 6, 44 
Cisco NPE (Network Processing 
Engine), 230 

Cisco NX-OSv. See NX-OSv 
Cisco routers. See also Dynamips; IOS 
routers; specific routers 
exporting GNS3 configurations to, 
187-188 

importing configurations into 
GNS3, 188 

IOS compatibility, 220-222 
supported, 217-220 
testing connectivity between 

Juniper routers and, 83-84 
Cisco switch block design, 200 
Cisco switches, CDP tunneling 
compatibility of, 115 
Cisco Virtual Internet Routing Lab 
(VIRL),2, 231 
Cisco VPNs, 200 

Cisco WIC (WAN Interface Card), 231 
Classless Inter-Domain Routing 
(CIDR), 49, 173, 228 
client/server setup 

configuring client, 193-197 
overview, 191-192 
preparing workstations, 192 
running gns3server, 192-193 
uberlab creation, 198-199 
client/server technology, GNS3, 3 
clock rate command, 101 
Clone feature, VirtualBox, 55-56, 87 
Cloud nodes 

configuring for virtual access 
server, 181-183 
configuring standard 802.IQ 
trunk, 110 


configuring VLANs using 
Linux, 116 

configuring with loopback 

adapters, 107, 120-121 
general discussion, 104-105 
overview, 93 

connn server. See virtual access server 
command line interface, GNS3, 33, 
190-191 

command prompt, IOS-XRv, 147 
commands. See also specific commands 
NX-OSv, 172-173 
VPCS, 48-49 
community, GNS3, 215 
competitions, security, 199 
configuration 

acquiring IOS image, 19-21 
adding IOS images to GNS3, 23-26 
for ASA, 127-131 
for Cisco IDS/IPS, 141-143 
for Cisco IOS-XRv, 144-146 
for Cisco NX-OSv, 170-171 
client, for client/server setup, 
193-197 

Cloud node for virtual access 
server, 181-182 
Dynamips, 21-23 
Idle-PC value, setting manual, 
26-29 

IOS-XR device, 147-149 
for IOU, 156-159, 163-167 
IP hostname table, 184-186 
Juniper routers in GNS3, 81-83 
Loopback Adapter in Windows, 
178-179 
overview, 19 

router, exporting to Cisco, 187-188 
router, importing into GNS3, 188 
of router for Cisco IOS-XRv 
project, 147 

of router for NX-OSv project, 173 
router hardware, 40-41 
TAP adapter in Linux, 179-180 
troubleshooting problems 
related to, 210-211 
configuration files 
Dynamips, 38 
GNS3, 211-212 

Configure button, CCP management 
screen, 126 

connection timeouts, virtual access 
server, 187 
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connectivity 

ASA, testing, 131 
Internet, 121 
Juniper router, 84 
virtual, with GNS3, 3-4 
between Windows guest and 
router, 125 

conserving resources, 214 
Console applications tab, GNS3 
General preferences 
window, 27, 28 

Console connect to all devices icon, 
GNS3 toolbar, 34, 43 
console port number 

configuring Cisco IP hostname 
table, 184-185 

IOS on UNIX preferences window, 
156-157 

consoles 
Cisco, 27 

GNS3, 33, 190-191 
troubleshooting problems with, 
208-210 

virtual access server, 186-187 
VPCS, 48 

copying IOS image files from 
routers, 20 

corrupt IOS image files, 205-206 
CPU (central processing unit) 
defined, 228 

throttling, for ASAs, 130, 213 
usage, setting Idle-PC value for, 
26-27 

cpulimit program, 130, 131 
crashes, Dynamips, 204 
Create Virtual Machine wizard, 85-86, 
169-170 

D 

data link connection identifier (DLCI), 
97, 101-102, 228 
debug command, 191 
decompressing IOS images, 23 
deleting links between devices, 40 
dependencies, installing, 12 
/dev/bpf device files, 207 
Device Dashboard, ASDM, 134-135 
device file permissions, OS X, 207 
Device Manager, CCP, 125-126 


device nodes. See also live switches, 
connecting devices to 
ATM switch, 102-103 
built-in, 94 

Cloud nodes, 104-105 
connecting devices to Internet, 
120-121 

connecting devices to physical 
hardware, 105-109 
Ethernet hub, 95 
EtherSwitch router, 96 
Frame Relay switch node, 97-102 
Node configurator, 94-95 
overview, 93 

devices. See also specific devices', virtual 
access server 

connecting to Internet, 120-121 
connecting to physical hardware, 
105-109 

conserving resources, 214 
Devices toolbar, 33, 37 
emulated, 2, 33 
linking, 37 
simulated, 33 

symbols for, changing, 44-45 
VirtualBox host nodes, linking to 
other, 56-57 

Devices toolbar, 33, 37, 38, 55, 197 
/dev/tap device files, 207 
DHCP (Dynamic Host Configuration 
Protocol), 49, 228 
dhcp command, 49 
dirty filesystems, 80 
disconnect command, 187 
Discover button, CCP management 
screen, 126 

Disk image (hda) selection, New 

QEMU VM wizard, 143, 146 
Disk image (hdb) selection, New 
QEMU VM wizard, 143 
DLCI (data link connection identifier), 
97, 101-102, 228 

DNS (Domain Name System), 228 
Draw a rectangle icon, GNS3 toolbar, 35 
Draw an ellipse icon, GNS3 toolbar, 35 
Dynamic Host Configuration Protocol 
(DHCP), 49, 228 
Dynamips, 9, 13. See also routers 
client/server setup, 192-197 
configuration files, 38 
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configuration of, 21-23 
console problems, 209 
copying GNS3 projects between 
platforms, 189 

copying IOS image files to, 20 
crashes, 204 

IOS-XRv project, 146-147 
vs. IOU, 151 

networking Linux VirtualBox host 
to routers, 57-58 
overview, 5 

permissions, setting, 105-106 
permissions problems, 207-208 
supported Cisco hardware, 217-220 
verifying path to, in Linux, 21 
virtual access server router, 
configuring, 182-184 
Dynamips IOS Router configuration 
dialog, 38-39 

Dynamips preferences window, 22-23, 
194-195 

E 

EIGRP (Enhanced Interior Gateway 
Routing Protocol), Cisco 
defined, 228 

IOS-XRv project, 147, 148 
NX-OSv project, 171, 173, 174 
ellipses, drawing, 35 
emulated hardware, 2, 33 
Enable ghost IOS support option, 
Dynamips preferences 
window, 23 

Enable mmap support option, 

Dynamips preferences 
window, 23 

Enable remote console option, 
VirtualBox, 55 

Enable sparse memory support option, 
Dynamips preferences 
window, 23 

encapsulation frame-relay command, 101 
End Devices icon, Devices toolbar, 37 
Enhanced Interior Gateway Routing 
Protocol. See EIGRP 
(Enhanced Interior 
Gateway Routing Protocol) 
erase flash: command, 44 
escape sequence, 186 
/etc/networks/interfaces file, 180 


Ethernet adapters 

connecting devices to PCs, 106-108 
connecting GNS3 devices to 
Internet, 120-121 
MTU size of, 117 
NIO problems, 208 
Ethernet connections, capturing 
data on, 60 
Ethernet hub, 95 

Ethernet interfaces, adding to Juniper 
virtual machine, 82-83 
Ethernet switch nodes 

breakout switch configuration 
using, 117-118 

configuring standard 802.IQ 
trunk, 109-112 

Node configurator window, 44, 45 
overview, 44-45 
EtherSwitch router, 96 

configuring standard 802.IQ 
trunk, 109-112 
EXEC mode privileges, 124 
exec-timeout parameter, 187 
Export Appliance option, 

VirtualBox, 190 
Export config option, 188, 190 
exporting 

GNS3 configurations to Cisco 
routers, 187-188 
GNS3 settings file, 211-212 
IOU configurations, 159 

F 

FDISK Partition Editor, 71-72 
feature problems, troubleshooting, 
203-204, 210-211 
File Transfer Protocol. See FTP 
firewalls, disabling, 50. See also 
Juniper vSRX Firefly; 

ASA (adapative security 
appliance) firewall 
flex package, 155 
Frame Relay switch node, 97-102 
frame-relay intf-type dee command, 101 
frame-relay lmi-type command, 101 
frame-relay switching command, 101 
FreeBSD 

acquiring, 67 

copying to build directory, 69 
installing, 77-78 

Juniper Olive, installing on, 66-67 
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FreeBSD, continued 

Juniper Olive package, 

installing on, 78-80 
overview, 65 

partitioning filesystem, 71-76 
preliminary checks before 
installation, 69-70 
QEMU virtual machine of, 
creating, 69 

virtual hard disk, creating, 70-71 
FTP (File Transfer Protocol) 

copying ASDM software to ASA, 
132, 133 

copying files from Cisco ASA, 127 
copying IOS image files to, 20 
defined, 228 

G 

Gateway Load Balancing Protocol 
(GLBP), 228 

General preferences window, 211-212 
General settings tab 

Dynamips preferences window, 

22, 194 

IOS on UNIX preferences window, 
156, 164-165 
Node configurator, 159 
VirtualBox preferences window, 53 
ghost IOS support, Dynamips, 23 
GLBP (Gateway Load Balancing 
Protocol), 228 

GNS3 

appliances, installing, 14-17 
emulated hardware, 2 
forums, 48, 215 
installer package, 7 
IOU, importance of for, 152 
limitations of, 5-6 
open source integration, 5 
overview, 1-2 
reasons to use, 2-4 
scalability, 3 

simulated operating systems, 2-3 
supported Cisco hardware, 217-220 
upgrading, 167 
virtual connectivity, 3-4 
website, 215 

GNS3 IOU VM.ova file, 160-163 
GNS3 Jungle forum, 215 
GNS3 server preferences window, 164, 
193-194 


GNS3 settings file, 211-212 
GNS3 toolbar, 32, 34-37 
GNS3 Vault website, 16 
GNS3 WorkBench 
installing, 16-17 
overview, 15-16 

gns3server program, 192-193, 198-199 
grace period, EIGRP, 174 
graphical user interface (GUI) 
program, 3, 13 

GRUB boot manager, QEMU, 139, 140, 

141 

GRUB boot menu, Linux, 137 
GUI (graphical user interface) 
program, 3, 13 

H 

“Hack My Rack” challenges, 199-200 
halt command, 79 
hard drive settings, NX-OSv, 170 
hardware. See also devices; specific 
hardware 

configuring router, 40-41 
emulated, 2, 33 
troubleshooting, 212 
hdiutil command, 68 
help command, 191 
host binding, GNS3 server, 180-181, 
193-194 

host integration. See also VirtualBox 
overview, 47 

with Virtual PC Simulator, 47-50 
hostname command, 156 
hot-linking IOU devices, 159 
HSRP (Hot Standby Routing 
Protocol), 228 

hub and spoke Frame Relay network, 
98-100 

hypervisor program. See Dynamips 

I 

ICS (Internet Connection Sharing), 120 
Idlemax setting, Dynamips, 209 
Idle-PC values 

conserving resources, 214 
console problems, 209 
overview, 26, 197 
setting manual, 26-29 
Idlesleep setting, Dynamips, 209 
ids_functions file, 137-138 
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IDS/IPS (Intrusion Detection System/ 
Intrusion Prevention 
System), Cisco 
acquiring image file, 135 
backup copy of disk image files, 144 
booting, 135-137 
configuring GNS3 for, 141-143 
defined, 228 
overview, 123-124, 135 
QEMU-ready system, creating, 
135-137 
restarting, 139 
testing, 141 

tricking software, 137-141 
verifying in GNS3, 143-144 
ifconfig command, 56, 108, 180 
ifconfig etho command, 163 
images. See also IOS images 
ASA operating system, 127 
Cisco IOS-XRv files, 144 
IDS/IPS, acquiring, 135 
inserting, 35 

IOU, 153, 158-159, 162-163, 165 
ISO, 67-69, 135 
NX-OSv, 169 

Import Appliance option, 

VirtualBox, 190 
Import config option, 188, 190 
Import Virtual Appliance dialog, 
160-161 

Import/Export configs dialog, 188 
importing 

appliances to VirtualBox, 51-52 
Cisco router configurations into 
GNS3, 188 

GNS3 settings file, 211 
IOU configurations, 159 
NX-OSv into VirtualBox, 169-170 
INE workbooks, 199 
iniparser program, 155 
initial RAM disk, ASA virtual 
machine, 129 
Input/Output (I/O), 229 
Insert a picture icon, GNS3 toolbar, 35 
Install Boot Manager menu, 72, 73 
installation media, choosing, 77 
installation package for Juniper 
Olive, 79 

installing 

CCP software, 125 
Cisco ASDM, 132-135 


Cisco IDS/IPS, 135-137 
FreeBSD, 77-78 

GNS3, general requirements for, 8 

GNS3, overview, 7 

GNS3 appliances, 14-17 

GNS3 on Microsoft Windows, 8-10 

GNS3 on OS X, 10-11 

GNS3 on Ubuntu Linux, 11-14 

IOU, 154 

Juniper Olive, 66-67 
Juniper Olive package in FreeBSD, 
78-80 
QEMU, 63-65 
TUN/TAP drivers, 108, 109 
virtual interface for virtual access 
server, 178-180 
VirtualBox, 50-51 
VPCS, 14, 48 
Wireshark, 58-59 

integrated service router (ISR), 229 
integrating hosts. See also VirtualBox 
overview, 47 

with Virtual PC Simulator, 47-50 
interface, virtual, for virtual access 
server, 178-180 
interface labels, 34 
interface.confiile, 137, 138-139 
irterface-nat command, 90 
interfaces file, 180 
Internet 

connecting devices to, 120-121 
finding IOS image files on, 20 
Internet Connection Sharing 
(ICS), 120 

Internet Protocol. See IP; IPv4; IPv6 
Internet service provider (ISP), 229 
Internetwork Operating System. 

See IOS (Internetwork 
Operating System) 
Inter-Switch Link (ISL), Cisco, 229 
Intrusion Detection System/ 

Intrusion Prevention System. 
See IDS/IPS (Intrusion 
Detection System/Intrusion 
Prevention System) 

I/O (input/output), 229 
IOL (IOS on Linux), 229 
IOS (Internetwork Operating System), 
Cisco, 2, 220-222, 229. 

See also IOS images; IOS 
routers; IOU 


Index 239 



IOS images 

acquiring, 19-21 
adding to GNS3, 23-26 
client/server setup, 192 
copying from router, 20 
copying GNS3 projects between 
platforms, 189 
corrupt, 205-206 
decompressing, 23 
failure to load, troubleshooting, 
204-206 
limitations, 5 

serial connections, troubleshooting 
issues with, 46 
stable versions, 21 
unsupported, 211 
IOS Memory screen, 25 
IOS on Linux (IOL), 229 
IOS on Unix. See IOU (IOS on Unix) 
IOS on UNIX preferences window, 
156-158, 164-166 
IOS routers. See also Dynamips 

adding IOS images to GNS3, 23-26 
client/server setup, 194-197 
configuration, 38-39 
Dynamips, configuring, 21-23 
Frame Relay switch, creating using, 
101-102 

Idle-PC value, setting manual, 
26-29 

memory, troubleshooting, 204-205, 
206-207 

networking Linux VirtualBox 
host to, 57-58 
preferences, 23 

IOS routers preferences window, 

194, 195 

ios_base_private-config.txt file, 38 
ios_base_startup-config.txt file, 38, 39 
IOS-XRv, Cisco 
adapters for, 146 
configuring GNS3 for, 144-146 
configuring IOS-XR device, 

147-149 

configuring router, 147 
creating simple project, 146-149 
overview, 144 

IOU (IOS on Unix), Cisco, 2, 3, 6 
configuring devices, 159 
configuring GNS3 for, 156-159, 
163-167 

console problems, 210 


copying GNS3 projects between 
platforms, 189-190 
creating text file of 

configuration, 188 
defined, 229 
exporting/importing 

configurations, 159 
images, 153, 162-163, 165 
importance to GNS3, 152 
installing, 154-155 
L2 images, 226 

license file for, 155-156, 163-164 

linking devices, 159 

on Linux PC, 153-159 

NIO problems, 208 

overview, 151-152 

simple project, 167-168 

switches, 152, 167-168 

things to know before installing, 153 

uploading image files, 162-163 

virtual machine for, 153, 160-163, 

164, 167 

on Windows and OS X, 160-167 
IOU devices section, IOS on UNIX 
preferences window, 158, 

165, 166 

iouyap application, 155, 156, 208 
IP (Internet Protocol) 
addressing 

binding GNS3 server to virtual 
interface, 180-181 
client/server setup, 192, 

193-194 

configuring in VirtualBox, 
56-57 

configuring Loopback Adapter 
in Windows, 178-179 
configuring TAP adapter in 
Linux, 179 

IOS-XRv project, 147, 148 
IOU virtual machine, 163, 164 
for NX-OSv project, 173 
virtual access server, 178-179, 
185 

VLAN routing using IOU 
switch. 168 
VPCS, 49-50 

configuring in VirtualBox, 56-57 
defined, 229 
ip command, 49 

IP hostname table, for virtual access 
server, 184-186 
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iplog-status command, 141 
IPv4 (Internet Protocol version 4) 
defined, 229 

manually configuring addresses 
in VPCS, 49 

IPv6 (Internet Protocol version 6) 
defined, 229 

manually configuring addresses 
in VPCS, 49 

ISL (Inter-Switch Link), Cisco, 229 
ISO images 

IDS/IPS, acquiring, 135 
of Juniper Olive, creating, 67-69 
ISO Recorder, 67-68 
ISP (Internet service provider), 229 
ISR (integrated service router), 229 

J 

Java, 125 

Juniper Networks Certified Associate 
(JNCIA) certification, 65, 
91, 229 

Juniper Olive. See also Juniper vSRX 
Firefly 

acquiring FreeBSD, 67 
acquiring software, 67 
adding virtual machine in 
GNS3, 82 
backing up, 80-81 
configuring Juniper routers in 
GNS3, 81-83 

creating CD image file, 67-69 
creating virtual hard disk in 
QEMU, 70-71 
general discussion, 65-66 
installing, 66-67 
installing FreeBSD, 77-78 
installing package in FreeBSD, 
78-80 

installing QEMU, 63-65 
overview, 63 

partitioning filesystem in QEMU, 
71-76 

preliminary checks before FreeBSD 
installation, 69-70 
syntax, 84 

system requirements, 66 
testing routers, 83-84 
Juniper vMX, 66 


Juniper vSRX Firefly 

adding virtual machine to GNS3, 
87-88 

creating Firefly virtual machine 
with VirtualBox, 85-86 
extracting and converting files, 85 
increasing processors for virtual 
machine, 87 
overview, 84-85 
project using, 88-91 
Juniper-compatible partitions, 74 
juniper-olive.iso CD image, 
mounting, 78 
Junos OS, 65 

K 

Kernel Configuration Menu, FreeBSD, 
70, 71 

kernel image, ASA virtual machine, 129 

L 

L2 images, Cisco IOU, 226 
l2protocol-tunnel cdp command, 114 
LAN (local area network), 229 
layers, manipulating, 36 
libcap2, 207 
libcrypto, 154 

license file for IOU, 155-156, 163-164 
license grace-period command, 174 
linking 

devices, 37 
IOU devices, 159 
routers, 39-40 

VirtualBox host nodes to other 
devices, 56-57 

Linux. See also Cisco NX-OSv 
boot-specific settings for ASA 
virtual machine, 129 
breakout switches, creating, 

112-113 

choosing Console application, 27, 28 
Cisco IDS/IPS, 135-137 
configuring Cloud node, 181 
configuring GNS3 for IOU, 

156-159 

configuring IP addresses in 
VirtualBox, 56 
configuring TAP adapter in, 
179-180 
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Linux, continued 

connecting devices to Internet, 120 
CPU usage, setting Idle-PC value 
for, 26-27 

Dynamips permissions, 
setting, 106 

GNS3 WorkBench, 15-17 
gns3server program, 192 
installing cpulimit program, 131 
installing GNS3 system on, 11-14 
installing IOU, 154-155 
installing QEMU on, 64-65 
installing VirtualBox, 51 
installing VPCS source file, 48 
installing Wireshark on, 59 
Juniper Olive ISO image creation, 
68-69 

license file for IOU, 155-156 
NIO connections, 105 
permissions problems, 207-208 
prepping ASA image for 
GNS3, 127 

running GNS3 and IOU on, 
153-154 

TUN/TAP drivers on, 109 
verifying path to Dynamips, 21 
virtual access server 

limitations on, 185 
VirtualBox virtual machine project, 
57-58 

live switches, connecting devices to 
with breakout switch, 112-117 
optional breakout switch 

configuration, 117-118 
overview, 109, 121 
with standard 802.IQ trunk, 
109-112 

using multiple adapters in PCs, 119 
LMI (logical management 
interface), 229 

Load balance across all available 

remote servers checkbox, 
New IOS router dialog, 196 
local area network (LAN), 229 
logging on to routers, 41, 43-44 
logical management interface 
(LMI), 229 

Loopback Adapter driver, Microsoft, 
106-107, 120, 178-179, 

181, 182 


M 

MAC (media access control), 229 
Mac OSX. See OS X 
Manage Devices screen, CCP, 125-126 
management console, GNS3, 33, 
190-191 

manual Idle-PC value, setting, 26-29 
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maximum transmission unit. See MTU 
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conserving resources, 214 
Dynamips, 23 
general requirements, 8 
IOS router, 25 
IOU virtual machine, 161 
NX-OSv, 169-170 
QEMU virtual machine, 129, 143, 
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router, troubleshooting, 204-205, 
206-207 
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178-179 
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installing VirtualBox on, 50-51 
installing Wireshark on, 58 
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mkisofs application, 68 
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defined, 229 
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interfaces, 108 
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Multiprotocol Label Switching 
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multi-protocol routing, 

troubleshooting, 46 
multi-vendor integration, 200-201 

N 
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121, 229-230 

netstat command, 43, 213 
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161-162 
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network address translation (NAT), 
121, 229-230 

network connectivity tests, ASA, 131 
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Cisco, 41, 230 
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network switch modules, 44 
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165, 166 

New project window, 38 
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errors, troubleshooting, 207-208 
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181, 182 
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for, 26-27 
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setting, 105 

gns3server program, 192 
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pausing routers, 41 
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VirtualBox 
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overview, 191-192 
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permanent virtual circuit (PVC), 97, 
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setting, 105-106 
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ping command 
ASAs, 131 
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Juniper router connectivity, 84 
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virtual access server, 184 
VLAN routing, 50, 168 
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conflicts, troubleshooting, 212-213 
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private-config files, 38, 188 
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preferences window, 
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virtual machine, 87 
project management 
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Ethernet switch nodes, 44-45 
GNS3 toolbar, 34-37 
IOU, 167-168 
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snapshots, 32 
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45-46 
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using Juniper vSRX Firefly, 88-91 
using VirtualBox hosts in, 55-56 
using VirtualBox on Linux, 57-58 
PuTTY, 8 

PVC (permanent virtual circuit), 97, 
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QEMU (Quick Emulator), 3, 8 
ASA image, prepping for, 127 
backup copy of disk image files, 144 
binary applications, 82 
build directory, preparing, 69 
configuring GNS3 for ASA, 

127-131 

configuring GNS3 for IOS-XRv, 
144-146 

console problems, 209 
defined, 230 

Ethernet interfaces, adding to 
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82-83 

FreeBSD, installing, 67, 71-76 
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69-70 

IDS/IPS system ready for, creating, 
135-139 
installing, 63-65 
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overview, 5, 63 

partitioning filesystem, 71-76 
virtual hard disk, creating, 70-71 
virtual machine of FreeBSD, 
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qemu program, 69 
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qemu-img program, 69, 70 
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qemu-system-x86 package, 64 
qemu-system-x86_64 binary 
application, 82 
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Quick Emulator. See QEMU (Quick 
Emulator) 
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defined, 230 
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IOS router, 25 
IOU virtual machine, 161 
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QEMU virtual machine, 129, 
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preferences window, 
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reset command, 141, 143 
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resources, sharing. See multiple PCs, 
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route command, 56 
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EtherSwitch, 96 
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server PC, client/server setup, 192-193. 
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show command, 49, 191 
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command, 90-91 
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sparse memory support, Dynamips, 23 
SSH (Secure Shell), 230 


246 Index 



start command, 191 
Start VM in headless mode option, 
VirtualBox, 55 
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Stop all devices icon, GNS3 toolbar, 35 
stopping routers, 41 
sudo command, 180 
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suspend command, 191 
suspending routers, 41 
SVC (switched virtual circuit), 230 
SVI (switched virtual interface), 168 
switch block design, Cisco, 200 
switch modules 
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overview, 44 
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devices to 
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Catalyst, 6, 223 
Cisco, CDP tunneling 

compatibility of, 115 
EtherSwitch router, 96, 109-112 
Frame Relay, 97-102 
IOU, 152, 167-168 
Switches icon, Devices toolbar, 37 
switchport mode access command, 119 
Symbol selection window, 45, 46 
symbolic link (symlink), Linux, 154 
symbols for devices, changing, 45-46 
Synchronous Optical Network 
(SONET), 230 

sysinstall Main Menu, FreeBSD, 71 
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tab completion, NX-OSv, 175 
tag stripping, preventing, 110, 113 
TAP adapter, for virtual access server, 
179-180, 181, 182 
TAP interfaces, 105, 108 
TAR (Tape Archive) files, 230 
TCP (Transmission Control Protocol) 
configuring in VirtualBox, 56-57 
defined, 230 

port number, changing, 43 


Telnet Client application, 69 
terminal. See virtual access server 
terminal program, and console 
problems, 209 

terminal settings, configuring, 42 
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testing 

ASA in GNS3, 131-132 
Cisco IDS/IPS, 141, 143-144 
Internet connectivity, 121 
Juniper routers, 83-84 
virtual access server, 184 
VPCS, 50 
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TFTP (Trivial File Transfer Protocol) 
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132, 133 
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defined, 230 
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server, 187 
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Devices, 33, 37, 38, 55, 197 
GNS3, 32, 34-37 
topology file, 32 
Topology Summary, 33 
Transmission Control Protocol. 

See TCP 

Trivial File Transfer Protocol. See 

TFTP (Trivial File Transfer 
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troubleshooting 
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configuration issues, 210-211 
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Dynamips, 46, 204 
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210-211 
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IOS images failing to load, 204-206 
IOS memory errors, 206-207 
multi-protocol routing issues, 46 
NIO errors, 207-208 
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port number conflicts, 212-213 
problem categories, 203-204 
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sudden problems, 203-204 
unsupported IOS images, 211 
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u 

uberlab, creating, 198-199 
Ubuntu Linux. See also Linux 
Cloud node, configuring, 181 
connecting devices to Internet, 120 
Console application, choosing, 

27, 28 

cpulimit program, installing, 131 
GNS3 system, installing on, 11-14 
GNS3 WorkBench, installing, 

16-17 

gns3server program, 192 
IOU, installing, 154 
permissions problems, 207-208 
QEMU, installing on, 64-65 
TAP adapter, configuring in, 
179-180 

TUN/TAP drivers on, 109 
virtual access server 

limitations on, 185 
Wireshark, installing on, 59 
UDP (User Datagram Protocol) 
defined, 231 
sockets, 104 

tunneling port range, 156, 157 
UNIX Socket connections, 105. 

See also IOU 
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unpacker software, 127 
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DETECTED’’ error, 140-141 
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updating Ubuntu package manager, 12 
upgrading 
GNS3, 167 
virtual routers, 32 
uploading IOU image files, 162-163 
Use the local server setting, Dynamips 
preferences window, 194 
User Datagram Protocol. See UDP 
user project folders, 32 
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VBoxManage application, 52-53, 85 

vconfig command, 114 

vendors, integrating multiple, 200-201 


vi editor, 137-139 

VIRL (Virtual Internet Routing Lab), 
Cisco, 2, 231 
virtual access server 

Cisco IP hostname table 

configuration, 184-186 
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Cloud node configuration, 181-182 
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connection timeouts, setting, 187 
defined, 177 
limitations of, 185 
Loopback Adapter configuration in 
Windows, 178-179 
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overview, 177-178 
preparing GNS3 server, 180-181 
router configuration, 182-184 
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testing, 184 
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178-180 
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virtual disk image files, QEMU, 

70-71, 135 

Virtual Distributed Ethernet device 
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Cisco, 2, 231 
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146, 231 
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IOS-XRv; Juniper Olive; 
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NX-OSv 
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IOU, 153, 160-163, 164, 167 
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QEMU, 127-131 
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Virtual Private Network Connection 
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console problems, 209 
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installing, 50-51 

IOU virtual machine, 160-163 
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linking host nodes to other devices, 

56- 57 
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57- 58 
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troubleshooting, 53 
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TECHNICAL REVIEW 
BY JEREMY CROSSMANN 
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BUILD VIRTUAL 
NETWORKS AND 


SAVE YOURSELF ^ 


SOME DOUGH 



GNS3 is open source software that emulates Cisco 
router and switch hardware to simulate complex 
networks. You can use GNS3 on any computer to 
experiment with various router configurations, study 
for that next big Cisco certification, or build the 
ubernetwork of your wildest dreams—all without 
plugging in a single physical network cable. 

The Book of GNS3 will teach you how to harness the 
powerful GNS3 software to create your own virtual 
networks with Cisco and Juniper devices. Hands-on 
tutorials throughout show you how to: 

• Configure Cisco IOS and ASA devices in GNS3 

• Add Juniper routers to your projects with VirtualBox 
and QEMU 

• Connect GNS3's hub, switch, and cloud devices to 
physical hardware 

• Integrate Cisco IOU virtual machines for advanced 
switching features 


• Simulate a Cisco access server to practice managing 
devices 

• Build bigger labs by distributing project resources 
across multiple computers 

Why set up all of that expensive physical hardware 
before you know whether it will all work together? 
Learn how to build virtual networks with The Book of 
GNS3, and stop reconfiguring your lab every time 
you want to test something new. 
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